Tuesday, 21 February 2012

Bombacash Affiliate (FakeAV)

I had a look into a Blackhole today and saw a thread 'bomba' that has the FakeAV 'Internet Security' as its payload (files/30): http://camas.comodo.com/cgi-bin/submit?file=46a7f464c66a300f38ff51faf4f7bc0a6057851cbade8b8f99ca452499683d32


So I started to search and...


• dns: 1 ›› ip: 188.72.225.181 - adresse: BOMBACASH.WS
http://bombacash.ws/content/
http://bombacash.ws/templates/
http://bombacash.ws/modules/
http://bombacash.ws/images/
http://bombacash.ws/scripts/
http://bombacash.ws/css/
http://bombacash.ws/install/
http://bombacash.ws/stat/
http://bombacash.ws/classes/
http://bombacash.ws/error/
http://bombacash.ws/pay/
http://bombacash.ws/smarty/
http://bombacash.ws/fckeditor/
http://bombacash.ws/server-status/


As with Money Racing, I searched for a PHP info file:


http://bombacash.ws/i.php ~
doc_root:    /home/admin/domains/bombacash.ws
DOCUMENT_ROOT:     /home/admin/domains/bombacash.ws/public_html
SERVER_ADMIN:     webmaster@bombacash.ws
System:     Linux host.mainserverda.com 2.6.35 #1 SMP Tue Oct 26 17:00:09 CEST 2010 x86_64

About Money Racing, the owner told me to have a look for bomba.


Login:

News:




Statistics:

Payment:

Terms:

Profile:

Malware download:

Top 20:

Frequently asked questions:

Unpack:

Internet Security, like the one found in the Blackhole.

Malware download:
http://89.149.223.107/139.exe&key=a4664df4
http://89.149.223.107/187.exe&key=1db658ed

--
http://89.149.223.107/cvsync/
