
BBB - bbb-0923.html

Published: 2012/02/25

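Observed: 2012/2/22 (one day only)

Volume: 400 messages/day

Method: lure link in the mail body

Purpose: attacks exploiting Java vulnerabilities, etc. → stealing account information, FakeAV, etc.

Characteristic: URL contains bbb-0923.html

This is another variation of the BBB series targeting Java vulnerabilities.

The method is exactly the same, so I will skip it.

As for the sites used for the links in the mail body:

Sites in various countries are used, but the HTML file is placed in locations like the ones below, and it looks as if the category of sites used for the tampering has come to include many online-shop sites.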

 XXXXX/catalog/bbb-0923.html
 XXXXX/store/images/bbb-0923.html
 XXXXX/bookshop/images/bbb-0923.html
 XXXXX/shop/bbb-0923.html 
 XXXXX/images/bbb-0923.html 
 XXXXX/catalog/images/bbb-0923.html 

Well, I think this is just the influence of the site list being used for the attack...
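An added example, not part of the original post: a small mail-filter check that pulls links out of message bodies, flags those whose file name is `bbb-0923.html`, and tallies the directory the file sits in so the online-shop skew described above can be measured. The hosts, the sample bodies and the `SHOP_HINTS` set are constructed assumptions; only the file name and the directory names come from this page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

LURE_FILE = "bbb-0923.html"  # file name reported on this page
# Assumption: directory names treated as online-shop hints, taken from the paths listed above.
SHOP_HINTS = {"catalog", "store", "shop", "bookshop"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def find_lure_links(body):
    """Return (host, directory) for each link in body whose file name is LURE_FILE."""
    hits = []
    for raw in URL_RE.findall(body):
        parts = urlsplit(raw.rstrip(".,)"))  # drop sentence punctuation glued to the URL
        segments = [s for s in parts.path.split("/") if s]
        if segments and segments[-1].lower() == LURE_FILE:
            hits.append((parts.hostname, "/" + "/".join(segments[:-1])))
    return hits

def looks_like_shop(directory):
    """True when any path segment of the directory is a shop hint."""
    return any(seg.lower() in SHOP_HINTS for seg in directory.split("/"))

def summarize(bodies):
    """Count lure links per directory and how many sit in shop-like directories."""
    dirs = Counter()
    for body in bodies:
        for _host, directory in find_lure_links(body):
            dirs[directory] += 1
    shop = sum(n for d, n in dirs.items() if looks_like_shop(d))
    return dirs, shop

# Constructed sample bodies (hosts are placeholders, not observed sites).
SAMPLE_BODIES = [
    "Please review: http://shop.example.com/catalog/bbb-0923.html",
    'See <a href="http://www.example.net/store/images/bbb-0923.html">details</a>.',
    "Case file: http://example.org/images/bbb-0923.html.",
    "Unrelated newsletter http://example.com/catalog/index.html",
]

if __name__ == "__main__":
    dirs, shop = summarize(SAMPLE_BODIES)
    for d, n in dirs.most_common():
        print(n, d, "shop-like" if looks_like_shop(d) else "")
    print("shop-like:", shop, "of", sum(dirs.values()))
```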


[Category: spam observation diary]

by jyake