Random five-character .htm files used to lure victims into infection
Published: 2012/07/21
Observed: 2012/7/20
Volume: 400 messages/day
Method: lure-URL type
Goal: malware infection
Characteristics:
Until now, the file names placed on compromised sites shared a common pattern that changed every day or every few days, but now each site gets a file like
"random five characters.htm"
placed on it.
The message bodies use the familiar themes such as "Your Wire Transger" and "flight ticket".
The From field mixes distinctive names such as "LinkedIn", "Twitter" and "Support" with random senders.
Examples of lure URLs. As you can see, the strings are all different.
The sites hosting these files are spread all over the world.
Two of them are Japanese sites.
The main (payload) site is, for example, this one.
porschedesignrussia.ru
name | IP | reverse DNS | AS | AS Name | Country |
---|---|---|---|---|---|
porschedesignrussia.ru | 203.80.16.81 | ns1.myren.net.my. | 24514 | MYREN-MY_Malaysian_Research_&_Education_Network | Malaysia |
porschedesignrussia.ru | 213.17.171.186 | 213-17-171-186.ip.netia.com.pl. | 12741 | INTERNETIA-AS_Netia_SA | Poland |
porschedesignrussia.ru | 78.83.233.242 | ns.streambg.net. | 47366 | MVN-AS_MVN_Systems_Ltd | Bulgaria |
by jyake