mail.htm in the WordPress plugins folder
Published: 2012/10/17
Observed: 2012/10/16
Volume: 200 messages/day
Method: lure URL type
Purpose: malware infection
This one is BHEK2-related.
This time there is no single theme; a variety of message texts are in use, but this text appears to be the most common.
The distinctive feature this time is that the HTML file used as the lure URL is placed in the plugins or themes folder.
http://abstract.nassassin.com/wp-content/plugins/counterize/mail.htm
http://affairsoftheheart.rocus.org/wp-content/themes/twentyten/mail.htm
http://assistedlivingwestminsterco.com/wp-content/plugins/zadassoaqrm/mail.htm
http://beshapebyrossen.com/wp-content/plugins/akismet/mail.htm
http://blog.asiatraveladvisor.com/wp-content/plugins/seo-ultimate/mail.htm
http://blog.ghb.pl/wp-content/themes/classic/mail.htm
http://blog.maciejgas.com/wp-content/plugins/akismet/mail.htm
http://blog.smartphones.pk/wp-content/plugins/zfuyudfobic/mail.htm
http://blurayplayerbargains.com/wp-content/themes/twentyten/mail.htm
http://cajolable.com/wp-content/themes/benevolence/mail.htm
http://css.webtm.ru/wp-content/plugins/zasqiuhomew/mail.htm
http://darmowesexanonse.pl/wp-content/themes/twentyeleven/mail.htm
http://desfundare-canalizare.ro/wp-content/plugins/mail.htm
http://euro-business.com.pl/wp-content/themes/twentyeleven/mail.htm
http://fugyourcms.com/wp-content/plugins/disable-wpautop/mail.htm
http://gruene-pforzheim-enz.de/wp-content/plugins/akismet/mail.htm
http://ha.falmouthjournalism.co.uk/wp-content/themes/twentyten/mail.htm
http://haskovoi.com/wp-content/themes/twentyten/mail.htm
http://jasonhowell.com/wp-content/plugins/akismet/mail.htm
http://laboratoryproductions.com/wp-content/plugins/mail.htm
http://linkfan.neteasy.pl/wp-content/plugins/akismet/mail.htm
http://odessa.illion-ua.com/wp-content/themes/Sensation/mail.htm
http://omstart10.onboxmedia.com/wp-content/plugins/akismet/mail.htm
http://pandorco.com/wp-content/themes/twentyten/mail.htm
http://pdrtl.in/wp-content/plugins/akismet/mail.htm
http://priori.neconserver.pl/wp-content/plugins/zjrueppebau/mail.htm
http://scottishpebbles.co.uk/wp-content/plugins/mail.htm
http://sea-partner.com/wp-content/plugins/authimage/mail.htm
http://spalnobelio.eu/wp-content/themes/default/mail.htm
http://sportslegendsonline.com/wp-content/themes/twentyten/mail.htm
http://terreros.es/wp-content/themes/mobile_pack_base/mail.htm
http://top20.volle-information.de/wp-content/themes/seo_theme_1/mail.htm
http://vampireavatar.com/wp-content/themes/twentyten/mail.htm
http://vestberries.com/wp-content/themes/sliding-door/mail.htm
http://www.0cx.org/wp-content/plugins/recent-google-searches-widget/mail.htm
http://www.39moto.ru/wp-content/plugins/flv-player/mail.htm
http://www.39moto.ru/wp-content/plugins/superb-slideshow/mail.htm
http://www.aenton.se/wp-content/plugins/mail.htm
http://www.aracotokiralama.com/wp-content/plugins/eklentiler/mail.htm
http://www.blog.asociaciongeografica.com/wp-content/plugins/wp-hashcash/mail.htm
http://www.cemocan24.eu.gg/wp-content/themes/twentyeleven/mail.htm
http://www.chalkhousegreenfarm.co.uk/wp-content/themes/twentyeleven/mail.htm
http://www.cketch.com/wp-content/plugins/wp-statistics/mail.htm
http://www.dikk.it/wp-content/themes/twentyten/mail.htm
http://www.fernandapinochetgeissecl/wp-content/plugins/wp-hashcash/mail.htm
http://www.folkcure.ru/wp-content/themes/twentyeleven/mail.htm
http://www.fotoceramica.co.il/wp-content/plugins/rtler/mail.htm
http://www.giorno.ro/wp-content/plugins/configurable-tag-cloud-widget/mail.htm
http://www.handygalaxy.com/wp-content/plugins/mail.htm
http://www.hwnetwork.com/wp-content/plugins/zkcrhevioeo/mail.htm
http://www.hy991.com/wp-content/plugins/akismet/mail.htm
http://www.ilgiracose.it/wp-content/plugins/zueoxooirue/mail.htm
http://www.inevco.ca/wp-content/themes/twentyeleven/mail.htm
http://www.katalogus.msnfan.hu/wp-content/plugins/zweejobmlow/mail.htm
http://www.kuponkonyv.com/wp-content/plugins/azigen/mail.htm
http://www.lihovinky.cz/wp-content/themes/default/mail.htm
http://www.namethecar.com/wp-content/plugins/tweet-this/mail.htm
http://www.odiseya.net/wp-content/themes/twentyten/mail.htm
http://www.rebeccasantillo.com/wp-content/themes/twentyten/mail.htm
http://www.reclame-video.ro/wp-content/themes/wallow/mail.htm
http://www.relief-for-anxiety.com/wp-content/themes/twentyeleven/mail.htm
http://www.renataoosterveen.nl/wp-content/plugins/znhefbeunia/mail.htm
http://www.sandiegodefenseattorney.org/wp-content/plugins/komoona-ads-google-adsense-companion/mail.htm
http://www.schafhof-drachenhoehle.de/wp-content/plugins/slimbox/mail.htm
http://www.strathconacondo.org/wp-content/themes/twentyeleven/mail.htm
http://www.thechambrangs.be/wp-content/themes/twentyeleven/mail.htm
http://www.tommylin.com/wp-content/plugins/mail.htm
http://www.vivaesperanza.org/wp-content/plugins/zmwyopuvejl/mail.htm
http://www.watchesehot.com/wp-content/plugins/akismet/mail.htm
http://www.westparkpc.com/wp-content/plugins/add-to-any/mail.htm
http://www.witt-hahn.com/wp-content/plugins/zogojtedgaa/mail.htm
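The common shape of these lure URLs (a static mail.htm under wp-content/plugins or wp-content/themes, sometimes directly in the top-level folder, sometimes in a plugin directory with an auto-generated looking name) is easy to turn into a check. The following Python script is an added example written for this post, not the author's tooling: it classifies URLs of that shape and walks a local WordPress install for stray .htm/.html files under the two folders. The sample URLs are copied from the list above; the "z followed by ten lowercase letters" rule for random plugin directory names is an observation from that list turned into an assumption, and the mini install built in demo_scan() is constructed for the demo.

```python
import os
import re
import tempfile
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a few of the lure URLs listed in this post plus one non-match.
SAMPLE_URLS = [
    "http://abstract.nassassin.com/wp-content/plugins/counterize/mail.htm",
    "http://affairsoftheheart.rocus.org/wp-content/themes/twentyten/mail.htm",
    "http://assistedlivingwestminsterco.com/wp-content/plugins/zadassoaqrm/mail.htm",
    "http://desfundare-canalizare.ro/wp-content/plugins/mail.htm",
    "http://blog.smartphones.pk/wp-content/plugins/zfuyudfobic/mail.htm",
    "http://example.invalid/wp-admin/edit.php",  # constructed, should not match
]

# Path shape seen in the list: wp-content/plugins or wp-content/themes, an optional
# subdirectory, then a static .htm/.html file. Plugins and themes are PHP; a loose
# .htm page sitting there is unusual and worth a look.
LURE_PATH_RE = re.compile(
    r"^/wp-content/(plugins|themes)(?:/([^/]+))?(?:/[^/]+)*/([^/]+\.html?)$",
    re.IGNORECASE,
)

# Several plugin directories in the list look auto-generated (zadassoaqrm,
# zfuyudfobic, ...): 'z' followed by ten lowercase letters. Assumption: flag that shape.
RANDOM_DIR_RE = re.compile(r"^z[a-z]{10}$")


def classify_url(url):
    """Return details of a lure URL, or None if the path does not have the lure shape."""
    parsed = urlparse(url)
    match = LURE_PATH_RE.match(parsed.path)
    if not match:
        return None
    area, subdir, filename = match.groups()
    return {
        "host": parsed.hostname,
        "area": area.lower(),          # "plugins" or "themes"
        "dir": subdir,                 # None when the file sits directly in the area folder
        "file": filename,
        "random_dir": bool(subdir and RANDOM_DIR_RE.match(subdir)),
    }


def summarize(urls):
    """Count matching URLs per area and per directory name (useful for spotting clusters)."""
    by_area, by_dir = Counter(), Counter()
    for url in urls:
        info = classify_url(url)
        if info is None:
            continue
        by_area[info["area"]] += 1
        by_dir[info["dir"] or "<top level>"] += 1
    return by_area, by_dir


def find_static_html(wp_root):
    """Walk wp-content/plugins and wp-content/themes under wp_root and return the
    relative paths (forward slashes, sorted) of every .htm/.html file found."""
    hits = []
    for area in ("plugins", "themes"):
        base = os.path.join(wp_root, "wp-content", area)
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                if name.lower().endswith((".htm", ".html")):
                    rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                    hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo_scan():
    """Build a constructed mini WordPress tree in a temp dir, plant two lure pages
    beside legitimate files, and return what find_static_html() reports."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "wp-content/plugins/akismet/akismet.php": "<?php // legitimate plugin code\n",
            "wp-content/plugins/akismet/mail.htm": "<html>constructed lure page</html>\n",
            "wp-content/themes/twentyten/style.css": "/* theme stylesheet */\n",
            "wp-content/themes/twentyten/mail.htm": "<html>constructed lure page</html>\n",
            "wp-content/uploads/2012/10/photo.html": "<html>outside the scanned areas</html>\n",
        }
        for rel, body in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return find_static_html(root)


if __name__ == "__main__":
    areas, dirs = summarize(SAMPLE_URLS)
    print("by area:", dict(areas))
    print("by directory:", dict(dirs))
    print("scan of constructed install:", demo_scan())
```

Running the script prints the plugins/themes split for the sample URLs and the two planted mail.htm files; pointing find_static_html() at a real install root gives a review list, and any hit in a directory that does not belong to an installed plugin or theme is the first thing to check.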
domain | ip | Reverse DNS | AS | AS Name | Country
---|---|---|---|---|---
blurayplayerbargains.com | 207.7.92.91 | host.wpcashgenerators.com. | 558 | NET2EZ_-_Net2EZ | United States
www.reclame-video.ro | 212.146.82.5 | server30.romania-webhosting.com. | 5606 | KQRO_GTS_Telecom_SRL | Romania
affairsoftheheart.rocus.org | 209.51.180.253 | brown.mayfirst.org. | 6939 | HURRICANE_-_Hurricane_Electric_Inc. | United States
www.thechambrangs.be | 62.182.62.174 | 174-62.182.62.static.priorweb.net. | 8201 | EVONET_XS4ALL_Belgium_NV | Belgium
omstart10.onboxmedia.com | 193.107.69.81 | host-193-107-69-81.superhosting.bg. | 8262 | LIREXNET-AS_Lirex_net_EOOD | Bulgaria
www.katalogus.msnfan.hu | 195.70.57.139 | s24.mediacenter.hu. | 8358 | INTERWARE-AS_GTS_Hungary_Tavkozlesi_Ktf. | Hungary
gruene-pforzheim-enz.de | 82.165.74.241 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany
pandorco.com | 87.106.192.250 | clienteservidor.es. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Spain
terreros.es | 87.106.195.204 | clienteservidor.es. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Spain
www.schafhof-drachenhoehle.de | 82.165.84.1 | NONE | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany
www.aracotokiralama.com | 188.138.16.83 | ns42.kebirhost.com. | 8972 | PLUSSERVER-AS_intergenia_AG | Germany
css.webtm.ru | 92.53.96.240 | leonov.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | Russian Federation
sportslegendsonline.com | 196.41.139.42 | za1.circle.co.za. | 12258 | MWEB-12258 | South Africa
www.ilgiracose.it | 217.64.195.216 | w-07.th.seeweb.it. | 12637 | SEEWEB_Seeweb_s.r.l. | Italy
beshapebyrossen.com | 193.107.36.80 | server18.host.bg. | 13147 | NETINFO_NetInfo_Ltd. | Bulgaria
www.odiseya.net | 184.75.248.132 | 132.248.75.184.static.intovps.com. | 13354 | ASN-EBLGLOBAL_-_EBL_Global_Networks_Inc. | United States
blog.smartphones.pk | 75.101.133.97 | ec2-75-101-133-97.compute-1.amazonaws.com. | 14618 | AMAZON-AES_-_Amazon.com_Inc. | United States
www.handygalaxy.com | 89.31.143.100 | NONE | 15598 | IP-EXCHANGE_IP_Exchange_GmbH | Germany
www.lihovinky.cz | 217.11.249.138 | locutus.blueboard.cz. | 15685 | CASABLANCA-AS_Casablanca_INT_Autonomous_system | Czech Republic
blog.maciejgas.com | 77.55.99.147 | adv147.rev.netart.pl. | 15967 | NETART_NetArt_Spolka_Akcyjna_Spolka_Komandytowo-Akcyjna | Poland
www.giorno.ro | 95.211.171.72 | web332.webfaction.com. | 16265 | LEASEWEB_LeaseWeb_B.V. | Netherlands
www.hy991.com | 180.86.123.80 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China
vestberries.com | 64.92.120.35 | paidvm5.limedomains.com. | 18779 | EGIHOSTING_-_EGIHosting | United States
www.inevco.ca | 174.120.16.66 | dewey.site5.com. | 21844 | THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc. | United States
www.chalkhousegreenfarm.co.uk | 89.200.139.14 | hughead1.miniserver.com. | 24931 | DEDIPOWER_DediPower_Managed_Hosting_Limited | United Kingdom
priori.neconserver.pl | 78.46.66.249 | static.249.66.46.78.clients.your-server.de. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
www.cemocan24.eu.gg | 46.4.149.201 | static.201.149.4.46.clients.your-server.de. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
www.kuponkonyv.com | 46.4.102.41 | server2.hosting55.com. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
top20.volle-information.de | 178.254.62.12 | s05.speicheranbieter.de. | 24989 | IXEUROPE-DE-FRANKFURT-ASN_Equinix_Germany_(Previously_IX_Europe_Germany_AS) | Germany
abstract.nassassin.com | 75.119.207.8 | apache2-grog.cloak.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
darmowesexanonse.pl | 69.163.226.8 | apache2-igloo.seoul.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
euro-business.com.pl | 69.163.226.8 | apache2-igloo.seoul.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
fugyourcms.com | 173.236.173.161 | apache2-vat.crate.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
www.0cx.org | 173.236.190.174 | apache2-goo.pegasus.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
www.blog.asociaciongeografica.com | 69.163.159.170 | apache2-joker.bishop.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
www.tommylin.com | 69.163.137.48 | apache2-rank.kings.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
www.westparkpc.com | 69.163.174.21 | ps14951.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
blog.ghb.pl | 94.152.8.55 | host55.kei.pl. | 29522 | KEI_Krakowskie_e-Centrum_Informatyczne_JUMP | Poland
www.cketch.com | 66.96.147.104 | 104.147.96.66.static.eigbox.net. | 29873 | BIZLAND-SD_-_The_Endurance_International_Group_Inc. | United States
www.dikk.it | 62.149.140.151 | webx141.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
vampireavatar.com | 205.186.179.231 | ekiaioicea.c08.mtsvc.net. | 31815 | MEDIATEMPLE_-_Media_Temple_Inc. | United States
www.watchesehot.com | 72.41.118.42 | rev.opentransfer.com.42.118.41.72.in-addr.arpa. | 32392 | OPENTRANSFER-ECOMMERCE_-_Ecommerce_Corporation | United States
blog.asiatraveladvisor.com | 184.171.250.19 | 184-171-250-19.static.dimenoc.com. | 33182 | DIMENOC_-_HostDime.com_Inc. | United States
www.relief-for-anxiety.com | 198.31.50.68 | host44.my-ehost.com. | 33724 | BIZNESSHOSTING_-_VOLICO | United States
www.strathconacondo.org | 184.173.9.232 | pea.pearlwhitemediahosting.com. | 36351 | SOFTLAYER_-_SoftLayer_Technologies_Inc. | United States
laboratoryproductions.com | 203.170.86.193 | cp3-virtual.syra.net.au. | 38719 | AUSTDOM-AS-AP_Aust_Domains_International_Pty_Ltd. | Australia
www.renataoosterveen.nl | 94.124.93.142 | keurigonline30.nl. | 39704 | CJ2-AS_CJ2_Hosting&Development | Netherlands
desfundare-canalizare.ro | 93.119.227.32 | NONE | 39743 | VOXILITY-AS_Voxility_S.R.L. | Romania
pdrtl.in | 208.91.198.132 | cp-18.webhostbox.net. | 40034 | CONFLUENCE-NETWORK-INC_-_Confluence_Networks_Inc | Virgin Islands
www.aenton.se | 195.74.38.93 | cl-09.atm.binero.net. | 41528 | ALEBORG-AS_Binero_AB | Sweden
www.39moto.ru | 77.222.40.78 | hydra.sweb.ru. | 44112 | SWEB-AS_SpaceWeb_JSC | Russian Federation
www.folkcure.ru | 77.222.56.31 | stockholm.sweb.ru. | 44112 | SWEB-AS_SpaceWeb_JSC | Russian Federation
assistedlivingwestminsterco.com | 66.147.244.75 | box775.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
cajolable.com | 74.220.202.35 | host35.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
jasonhowell.com | 66.147.244.154 | box654.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
odessa.illion-ua.com | 74.220.215.80 | host280.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.fotoceramica.co.il | 74.220.215.73 | host273.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.hwnetwork.com | 69.89.31.124 | box324.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.namethecar.com | 69.89.31.144 | box344.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.rebeccasantillo.com | 66.147.244.227 | box727.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.sandiegodefenseattorney.org | 66.147.244.96 | box796.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.vivaesperanza.org | 66.147.244.239 | box739.bluehost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
haskovoi.com | 91.215.216.46 | sea.icnhost.net. | 49699 | ICN-BG_Internet_Corporated_Networks_Ltd. | Bulgaria
sea-partner.com | 91.215.216.16 | sun.icnhost.net. | 49699 | ICN-BG_Internet_Corporated_Networks_Ltd. | Bulgaria
spalnobelio.eu | 91.215.216.44 | north.icnhost.net. | 49699 | ICN-BG_Internet_Corporated_Networks_Ltd. | Bulgaria
www.witt-hahn.com | 193.202.110.193 | srv193.one.com. | 51468 | ONECOM_One.com_A/S | Netherlands
scottishpebbles.co.uk | 5.28.58.74 | nodns.hyliahub.com. | 58117 | SWORDFISH_Swordfish_Hosting_Limited | United Kingdom
linkfan.neteasy.pl | 178.19.104.90 | hosted-by.slaskdatacenter.pl. | 59491 | LIVENET-PL_Livenet_Sp._z_o.o. | Poland
by jyake