Android "GoldDream" malware server still alive
FYI...
Android "GoldDream" malware server still alive
- http://community.websense.com/blogs...lware-quot-golddream-quot-is-still-alive.aspx
12 Apr 2012 - "Many anti-virus vendors have reported on and dissected the suspicious and malicious Android "GoldDream" malware threat. The C&C server (lebar .gicp. net)... hosts this -malware-... this C&C server is still alive after several months and is still serving users with "GoldDream" malware... Websense... has blocked the malware server sites, out of the 19 vendors listed by VirusTotal*... The malware site mainly targets users in China, masquerading as a normal Android apps distribution site. The site makes use of a fake certificate and registration... information to lure more customers, and is placed at the bottom of the listed app sites in a bid to advertise itself as a good reputation site... We have analyzed all the available free Android apps on the site (23 in total). 18 of these apps contain "GoldDream" malware. These are normal game apps which are re-packaged to include malicious code... We strongly suggest that users refrain from downloading and installing apps from untrusted 3rd party sources..."
* https://www.virustotal.com/url/d4ea...c13ad697649f57c181412b8a3f507dacb51/analysis/
Normalized URL: http ://lebar .gicp .net/
Detection ratio: 1/25
Analysis date: 2012-04-12 09:32:49 UTC
___
- http://google.com/safebrowsing/diagnostic?site=gicp.net/
"... 222 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-12, and the last time suspicious content was found on this site was on 2012-04-12. Malicious software includes 206 scripting exploit(s), 121 exploit(s), 30 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 90 domain(s)... 92 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site... This site was hosted on 15 network(s) including AS32475 (SINGLEHOP), AS4134 (China Telecom backbone), AS4837 (CNC)... Over the past 90 days, gicp.net appeared to function as an intermediary for the infection of 13 site(s)... It infected 9 domain(s)..."
- http://centralops.net/co/DomainDossier.aspx
... canonical name - gicp .net
aliases
addresses 74.82.185.218
Recommended add to BLACKLIST
FYI...
Android "GoldDream" malware server still alive
- http://community.websense.com/blogs...lware-quot-golddream-quot-is-still-alive.aspx
12 Apr 2012 - "Many anti-virus vendors have reported on and dissected the suspicious and malicious Android "GoldDream" malware threat. The C&C server (lebar .gicp. net)... hosts this -malware-... this C&C server is still alive after several months and is still serving users with "GoldDream" malware... Websense... has blocked the malware server sites, out of the 19 vendors listed by VirusTotal*... The malware site mainly targets users in China, masquerading as a normal Android apps distribution site. The site makes use of a fake certificate and registration... information to lure more customers, and is placed at the bottom of the listed app sites in a bid to advertise itself as a good reputation site... We have analyzed all the available free Android apps on the site (23 in total). 18 of these apps contain "GoldDream" malware. These are normal game apps which are re-packaged to include malicious code... We strongly suggest that users refrain from downloading and installing apps from untrusted 3rd party sources..."
* https://www.virustotal.com/url/d4ea...c13ad697649f57c181412b8a3f507dacb51/analysis/
Normalized URL: http ://lebar .gicp .net/
Detection ratio: 1/25
Analysis date: 2012-04-12 09:32:49 UTC
___
- http://google.com/safebrowsing/diagnostic?site=gicp.net/
"... 222 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-12, and the last time suspicious content was found on this site was on 2012-04-12. Malicious software includes 206 scripting exploit(s), 121 exploit(s), 30 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 90 domain(s)... 92 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site... This site was hosted on 15 network(s) including AS32475 (SINGLEHOP), AS4134 (China Telecom backbone), AS4837 (CNC)... Over the past 90 days, gicp.net appeared to function as an intermediary for the infection of 13 site(s)... It infected 9 domain(s)..."
- http://centralops.net/co/DomainDossier.aspx
... canonical name - gicp .net
aliases
addresses 74.82.185.218
Recommended add to BLACKLIST
Last edited: