<![CDATA[[SecurityRatty] tag: ugl]]> http://securityratty.com/tag/ugl Tue, 11 Mar 2008 16:50:27 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[The New Media Malware Gang - Part Four]]> http://securityratty.com/article/b106bfe3b9ae8041676ee1a8e489ac20 http://securityratty.com/article/b106bfe3b9ae8041676ee1a8e489ac20 Sometimes patterns are just meant to be, and so is the process of diving into the semantics of RBN's ex/current customers base, in this case the New Media Malware Gang. The latest pack of this group specific live exploit URLs :

bentham-mps.org/mansoor/cgi/index.php (205.234.186.26)
5fera.cn/adp/index.php (72.233.60.90)
ls-al.biz/1/index.php (78.109.22.245)
iwrx.com/images/index.php (74.53.174.34)
pizda.cc/in.htm (78.109.19.226)
ugl.vrlab.org/www/index.php (91.123.28.32)
eastcourier.com/reff/index.php (91.195.124.20)
thelobanoff.com/myshop/test/index.php (64.191.78.229)
203.117.170.40/~whyme/my/index.php
195.93.218.25/us/index.php
195.93.218.25/kam/index.php
85.255.116.206/ax5/index.php

Going through Part one, Part two, and Part three, clearly indicates an ongoing migration.
]]> Tue, 11 Mar 2008 16:50:27 +0000 php media malware gang excurrent customers base orgwwwindex eastcourier ugl pizda 5fera 25kamindex The New Media Malware Gang - Part Four