[nsp-sec] MSN spam bot - drive by download page being spammed
Jose Nazario
jose at arbor.net
Wed Jul 9 09:28:08 EDT 2008
saw this in our analysis
* C&C Server: zaza.pimplesbright.com (66.252.13.195):3211
* Server Password:
* Username: klradaqg
* Nickname: klradaqg
* Channel: #zaza#
* Channel topic: :.msn.msg hey lo0ok at this pictuer!! hXXp://charlesjr.com
that website hosts a naked (unobfuscated) MS06-014 exploit which gets you
to download /new.exe.
net is live. the IP is in DNS RR, not sure if the port is.
--
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/