Results 1 to 10 of 694

Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2012-04-12, 13:03 #10
    AplusWebMaster
    AplusWebMaster is offline
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Android "GoldDream" malware server still alive

    FYI...

    Android "GoldDream" malware server still alive
    - http://community.websense.com/blogs/...ill-alive.aspx
    12 Apr 2012 - "Many anti-virus vendors have reported on and dissected the suspicious and malicious Android "GoldDream" malware threat. The C&C server (lebar .gicp. net)... hosts this -malware-... this C&C server is still alive after several months and is still serving users with "GoldDream" malware... Websense... has blocked the malware server sites, out of the 19 vendors listed by VirusTotal*... The malware site mainly targets users in China, masquerading as a normal Android apps distribution site. The site makes use of a fake certificate and registration... information to lure more customers, and is placed at the bottom of the listed app sites in a bid to advertise itself as a good reputation site... We have analyzed all the available free Android apps on the site (23 in total). 18 of these apps contain "GoldDream" malware. These are normal game apps which are re-packaged to include malicious code... We strongly suggest that users refrain from downloading and installing apps from untrusted 3rd party sources..."
    * https://www.virustotal.com/url/d4ea2...cb51/analysis/
    Normalized URL: http ://lebar .gicp .net/
    Detection ratio: 1/25
    Analysis date: 2012-04-12 09:32:49 UTC
    ___

    - http://google.com/safebrowsing/diagn...site=gicp.net/
    "... 222 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-12, and the last time suspicious content was found on this site was on 2012-04-12. Malicious software includes 206 scripting exploit(s), 121 exploit(s), 30 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 90 domain(s)... 92 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site... This site was hosted on 15 network(s) including AS32475 (SINGLEHOP), AS4134 (China Telecom backbone), AS4837 (CNC)... Over the past 90 days, gicp.net appeared to function as an intermediary for the infection of 13 site(s)... It infected 9 domain(s)..."

    - http://centralops.net/co/DomainDossier.aspx
    ... canonical name - gicp .net
    aliases
    addresses 74.82.185.218

    Recommended add to BLACKLIST

    Last edited by AplusWebMaster; 2012-04-12 at 16:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules