
Random 5-character .htm files used to lure infections

Published: 2012/07/21

Observation date: 2012/7/20

Volume: 400 messages/day

Method: lure-URL type

Purpose: malware infection

Characteristics:

Until now, the files placed on the compromised sites shared a common file name that changed on a cycle of one day to a few days. Now, however, each site gets its own file of the form

 "random 5 letters.htm"

placed on it.


The message bodies reuse the familiar themes such as "Your Wire Transger" and "flight ticket".

The From field mixes characteristic names such as "LinkedIn", "Twitter" and "Support" with random senders.


Examples of lure URLs. As shown, the file names are unrelated random strings.

URL
http://10086sjw.com/phcgk.htm
http://108xiaoyou.com/onvvw.htm
http://addio-nubilato.it/tmzdk.htm
http://anavets26.ca/zmsjz.htm
http://battery-marts.com/dcbrh.htm
http://battery-marts.com/zvjrx.htm
http://benfatto.ru/ldvan.htm
http://bilder.fotorubin.ch/ibtnf.htm
http://bjldys.com/khlkd.htm
http://blog.yoused.jp/nxdyl.htm
http://blog.yoused.jp/tulvt.htm
http://callofeve.sub.jp/cyfsc.htm
http://camille2.xsalto.com/wuwdr.htm
http://cgcyurong.com/gdrys.htm
http://cocyanchang.com/ezfxe.htm
http://colegiobilinguecuitlahuac.com/jdulr.htm
http://colegiobilinguecuitlahuac.com/rtkbl.htm
http://ecavyu.com/ygskk.htm
http://elliks2000.ru/bfuvs.htm
http://ercanozcelik.net/anvur.htm
http://faikminibar.com.tr/gfmue.htm
http://feiyankj.com/pnxtz.htm
http://feiyankj.com/zdcng.htm
http://fotografforum.com/gddul.htm
http://furnituravip.by/gplln.htm
http://gneho.com/uwvdt.htm
http://guimimall.com/watyt.htm
http://hof-stille.de/zeumz.htm
http://impchrafael.cl/jnydt.htm
http://indesai.info/roxao.htm
http://indesai.net/bacqa.htm
http://itrattscenter.se/czkmg.htm
http://jewal.biz/aqale.htm
http://leregaltraiteur.com/zpbzv.htm
http://lorica.ch/ztstf.htm
http://mtmzapchasti.ru/pcdeh.htm
http://mycctvs.com/hmvcd.htm
http://obelisco-sh.com/ihiwu.htm
http://obelisco-sh.com/mkxen.htm
http://olinax.com/lmvob.htm
http://olinax.com/oiryq.htm
http://personalizaricadou.ro/vhyyv.htm
http://pinnacleindustries.co.za/xozez.htm
http://pw365days.com/axxdm.htm
http://qhdxyz.com/rzwtm.htm
http://royalty-sh.com/qxlsa.htm
http://rxzgy.com/cvvvp.htm
http://sdpat.com/cashh.htm
http://seaweedok.com/ferfn.htm
http://shopanuleaf.com/yicky.htm
http://sklep.hapis.eu/ubvfn.htm
http://sosonline.hireda.it/xjffi.htm
http://stdtools.com/tbvyn.htm
http://terrassenschiebedach.de/afhdp.htm
http://terrassenschiebedach.de/fiqax.htm
http://togalatoumoria.gr/eijwv.htm
http://togalatoumoria.gr/vqogl.htm
http://tomek.galezowski.o12.pl/dirqd.htm
http://torresaudio.com/jxgld.htm
http://triplog.nu/owiap.htm
http://ubdirekt.nu/vxiic.htm
http://www.austat.org.au/ogkxz.htm
http://www.belladonnabeauty.be/yyagk.htm
http://www.biggidea.com/bftpy.htm
http://www.biggidea.com/rmknu.htm
http://www.bigstudent.net/yhicf.htm
http://www.bojiao.cn/ubdzc.htm
http://www.btslywj.com/jbdcy.htm
http://www.carjc.com/jhzxj.htm
http://www.carjc.com/ztypw.htm
http://www.chennupatitransport.com/uvgxu.htm
http://www.chenzhuo.com.cn/etjrf.htm
http://www.chinatyremould.com/hqach.htm
http://www.fotoflash.net.pl/beayf.htm
http://www.fyjtss.com/qpjcy.htm
http://www.fyjtss.com/wwoxd.htm
http://www.gioventi.nl/cbfma.htm
http://www.gioventi.nl/dotig.htm
http://www.gostoljublje.com/twuhm.htm
http://www.happybabybag.com/txiuz.htm
http://www.hojaverdegourmet.com/uiryp.htm
http://www.idecaboverde.grafcan.es/aahze.htm
http://www.idecaboverde.grafcan.es/wyhgo.htm
http://www.ilfilodiariannaonlus.it/ebslp.htm
http://www.jinny.cn/kqnjm.htm
http://www.kesta.pl/xobnp.htm
http://www.limbakuchnie.pl/ddqmn.htm
http://www.line-tec.cn/hjfif.htm
http://www.merkewibri.nl/qygtn.htm
http://www.myhuayi.net/xqgju.htm
http://www.reformisti.org.rs/rczue.htm
http://www.sergiogarbari.it/ktmao.htm
http://www.sh-llprint.com/yrmwl.htm
http://www.shtdjs.com/mfysm.htm
http://www.sinistrapercastagneto.org/kkkfa.htm
http://www.theorchard-efca.org/snotz.htm
http://www.tomz.se/wkyxo.htm
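The naming pattern above is regular enough to turn into a detection rule. The following is an added example (not code from the original post): it matches URLs whose path is exactly five lowercase letters plus ".htm" directly under the site root, counts hits per host (several sites in the list above host two different random names), and scans constructed proxy-log lines for the same shape. The allowlist of ordinary five-letter page names (index.htm etc.) and the proxy-log line format are assumptions of this example; the sample URLs marked as lures are copied from the list above, the rest are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lure path shape described in the post: a file directly under the site
# root whose name is exactly five lowercase letters with a .htm extension.
# The anchors reject deeper paths (/blog/abcde.htm), other lengths,
# digits, uppercase letters and the .html extension.
RANDOM5_HTM = re.compile(r"^/(?P<stem>[a-z]{5})\.htm$")

# Ordinary five-letter page names that would otherwise trip the pattern.
# This allowlist is an assumption of this example, not from the post.
COMMON_STEMS = {"index", "about", "login", "admin", "terms"}


def is_random5_htm(url: str) -> bool:
    """True if the URL path matches the random-5-letter .htm lure shape."""
    path = urlparse(url).path
    m = RANDOM5_HTM.match(path)
    return bool(m) and m.group("stem") not in COMMON_STEMS


def flag_urls(urls):
    """Return the subset of urls that match the lure shape, in input order."""
    return [u for u in urls if is_random5_htm(u)]


def hosts_by_hits(urls) -> Counter:
    """Count flagged URLs per hostname. A host seen with several different
    random names (as several sites in the post are) is a stronger signal
    than a single hit."""
    return Counter(urlparse(u).hostname for u in flag_urls(urls))


def scan_proxy_log(text: str):
    """Scan constructed proxy-log lines of the (assumed) form
    '<timestamp> <client-ip> <method> <url> <status>' and return
    (client-ip, url) pairs whose URL matches the lure shape."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than crash
        client, url = parts[1], parts[3]
        if is_random5_htm(url):
            hits.append((client, url))
    return hits


# Constructed sample: lure URLs copied from the post mixed with ordinary
# URLs that must not be flagged.
SAMPLE_URLS = [
    "http://10086sjw.com/phcgk.htm",
    "http://blog.yoused.jp/nxdyl.htm",
    "http://blog.yoused.jp/tulvt.htm",
    "http://www.biggidea.com/bftpy.htm",
    "http://example.com/index.htm",        # common page name, allowlisted
    "http://example.com/about/abcde.htm",  # not at the site root
    "http://example.com/abcdef.htm",       # six letters
    "http://example.com/abcde.html",       # .html, not .htm
    "http://example.com/ABCDE.htm",        # uppercase
    "http://example.com/abc12.htm",        # digits
]

# Constructed proxy-log excerpt in the assumed format.
SAMPLE_PROXY_LOG = """\
2012-07-20T09:12:01Z 10.0.0.5 GET http://10086sjw.com/phcgk.htm 200
2012-07-20T09:12:03Z 10.0.0.5 GET http://example.com/index.htm 200
2012-07-20T09:13:10Z 10.0.0.9 GET http://blog.yoused.jp/tulvt.htm 200
2012-07-20T09:14:00Z 10.0.0.9 GET http://example.com/about/abcde.htm 404
"""

if __name__ == "__main__":
    for u in flag_urls(SAMPLE_URLS):
        print("lure-shaped:", u)
    print(hosts_by_hits(SAMPLE_URLS))
    print(scan_proxy_log(SAMPLE_PROXY_LOG))
```

The pattern on its own is noisy on a large proxy log, which is why the allowlist exists and why the per-host count matters: a single root-level five-letter .htm is weak evidence, while the same host serving two or more distinct random names, or a client fetching one right after opening a mail link, is worth an analyst's attention.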

The sites hosting these files are spread all over the world.

Two of them are Japanese sites.

domain | ip | reverse DNS name | AS | AS name | country
togalatoumoria.gr | 193.92.97.57 | linux267.grserver.gr. | 1241 | FORTHNET-GR_Forthnet | Greece
www.idecaboverde.grafcan.es | 195.57.95.71 | NONE | 3352 | TELEFONICA-DATA-ESPANA_TELEFONICA_DE_ESPANA | Spain
www.fyjtss.com | 58.215.64.147 | NONE | 4134 | CHINANET-BACKBONE_No.31Jin-rong_Street | China
royalty-sh.com | 61.152.91.38 | NONE | 4812 | CHINANET-SH-AP_China_Telecom_(Group) | China
www.myhuayi.net | 114.113.239.50 | NONE | 4847 | CNIX-AP_China_Networks_Inter-Exchange | China
personalizaricadou.ro | 193.226.163.129 | NONE | 5606 | KQRO_GTS_Telecom_SRL | Romania
impchrafael.cl | 200.111.67.83 | notro.tchile.com. | 6471 | ENTEL_CHILE_S.A. | Chile
furnituravip.by | 93.125.99.8 | vh38.hoster.by. | 6697 | BELPAK-AS_Republican_Association_BELTELECOM | Belarus
callofeve.sub.jp | 210.172.144.246 | lb20.virt.lolipop.jp. | 7506 | INTERQ_GMO_InternetInc | Japan
blog.yoused.jp | 59.106.13.208 | www558.sakura.ne.jp. | 9370 | SAKURA-B_SAKURA_Internet_Inc. | Japan
addio-nubilato.it | 217.64.194.122 | vm1087.cs11.seeweb.it. | 12637 | SEEWEB_Seeweb_s.r.l. | Italy
bilder.fotorubin.ch | 193.247.72.43 | obligo.citrin.ch. | 15623 | CYBERLINK_Cyberlink_AG | Switzerland
sklep.hapis.eu | 85.128.244.125 | aoj125.rev.netart.pl. | 15967 | NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna | Poland
ecavyu.com | 217.26.70.56 | NONE | 15982 | VERAT-AS-1_Drustvo_za_telekomunikacije_Verat_d.o.o_Bulevar_Vojvode_Misica_37 | Serbia
www.gioventi.nl | 94.75.226.130 | server2.securitydatabase.net. | 16265 | LEASEWEB_LeaseWeb_B.V. | Netherlands
www.fotoflash.net.pl | 87.98.239.87 | cluster014.ovh.net. | 16276 | OVH_OVH_Systems | Poland
sdpat.com | 203.158.16.38 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China
sosonline.hireda.it | 74.50.95.116 | 74-50-95-116.static.hostdepartment.com. | 19318 | NJIIX-AS-1_-_NEW_JERSEY_INTERNATIONAL_INTERNET_EXCHANGE_LLC | United States
torresaudio.com | 217.76.130.206 | llge806.servidoresdns.net. | 20718 | AS_ARSYS-EURO-1_arsys.es | Spain
www.hojaverdegourmet.com | 64.46.67.186 | NONE | 23216 | MEGADATOS_S.A. | United States
battery-marts.com | 66.79.169.166 | NONE | 23338 | ASN-DCS-01_-_DCS_Pacific_Star_LLC | United States
www.austat.org.au | 66.147.226.104 | host70.hrwebservices.net. | 23535 | HOSTROCKET_-_HostRocket | United States
terrassenschiebedach.de | 188.40.218.28 | vserver24.colo-server.net. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
www.happybabybag.com | 72.167.227.201 | ip-72-167-227-201.ip.secureserver.net. | 26496 | AS-26496-GO-DADDY-COM-LLC_-_GoDaddy.com_LLC | United States
anavets26.ca | 65.61.204.40 | hosting.innovationnetworks.com. | 26753 | IN2NET-NETWORK_In2Net_network_inc. | Canada
camille2.xsalto.com | 81.200.35.2 | NONE | 28768 | XSALTO-AS_XSALTO | France
gneho.com | 82.96.94.2 | baldur.vel.pl. | 29686 | PROBENETWORKS-AS_Probe_Networks | Germany
www.chinatyremould.com | 66.232.101.195 | NONE | 29802 | HVC-AS_-_HIVELOCITY_VENTURES_CORP | United States
pinnacleindustries.co.za | 69.36.188.100 | eezeenews.com. | 29854 | WESTHOST_-_WestHost_Inc. | United States
www.ilfilodiariannaonlus.it | 62.149.140.227 | webx217.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
www.merkewibri.nl | 83.137.194.105 | server73.hosting2go.nl. | 34233 | SUPERIOR-AS_Superior_Internet_Services_AS_number | Netherlands
colegiobilinguecuitlahuac.com | 72.249.55.79 | server70.neubox.net. | 36024 | COLO4-CO_-_Colo4_LLC | Canada
shopanuleaf.com | 174.36.92.4 | NONE | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
qhdxyz.com | 116.255.143.70 | NONE | 37943 | CNNIC-GIANT_ZhengZhou_GIANT_Computer_Network_Technology_Co._Ltd | China
www.biggidea.com | 54.251.63.84 | ec2-54-251-63-84.ap-southeast-1.compute.amazonaws.com. | 38895 | AMAZON-AS-AP_Amazon.com_Tech_Telecom | United States
triplog.nu | 217.70.32.136 | www1-php5.fordon.levonline.com. | 41175 | INTERNETBORDER_Internet_Border_Technolgies_AB | Sweden
benfatto.ru | 77.234.201.3 | serv9-3.hostland.ru. | 42289 | VTC-ITMO-AS_Saint-Petersburg_State_University_of_Information_Technologies_Mechanics_and_Optics | Russian Federation
ercanozcelik.net | 77.245.149.33 | srv75626s1.trdns.com. | 43391 | NETDIREKT-TR_Netdirekt_A.S. | Turkey
mycctvs.com | 110.4.40.101 | NONE | 46015 | EXABYTES-AS-AP_Exa_Bytes_Network_Sdn.Bhd. | Malaysia
www.theorchard-efca.org | 173.254.28.58 | just58.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
mtmzapchasti.ru | 79.174.72.131 | fe72-1.hc.ru. | 47385 | HOSTING-COMPANY-AS_Hosting_Company_RBC | Russian Federation
www.belladonnabeauty.be | 193.202.110.130 | srv130.one.com. | 51468 | ONECOM_One.com_A/S | Netherlands
indesai.info | 77.246.178.157 | indesai1mail.ea33.net. | 198149 | ASIDATAGREEN_IDATA_GREEN_CENTER_S.L. | Spain

The main site (the actual payload site the lures lead to) is, for example, this one:

porschedesignrussia.ru

name | IP | reverse DNS | AS | AS name | country
porschedesignrussia.ru | 203.80.16.81 | ns1.myren.net.my. | 24514 | MYREN-MY_Malaysian_Research_&_Education_Network | Malaysia
porschedesignrussia.ru | 213.17.171.186 | 213-17-171-186.ip.netia.com.pl. | 12741 | INTERNETIA-AS_Netia_SA | Poland
porschedesignrussia.ru | 78.83.233.242 | ns.streambg.net. | 47366 | MVN-AS_MVN_Systems_Ltd | Bulgaria

[Category: spam observation diary]

by jyake