2007-12-28 18:17:45 by HASH0x89ec53c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
How would you go about ruining the Xmas holidays of a malware gang directly related to the RBN, Storm Worm, Possibility Media's malware attack, and the malware embedded at the Syrian Embassy's web site, the way they've ruined the holidays for lots of security folks out there? You disclose all of their publicly known and currently active "online properties", submit them to Stopbadware, then see how they reply with a "Die();" message on one of their IPs (85.255.116.206), which instantly confirms the positive ROI of your actions. The New Media Malware gang currently operates the following domains/IPs:
Now go migrate your "infrastructure" on the 31st of December. Happy holidays to you too!




