Downloader Updates

Around the 17th of this month, the relentless malware distribution gang serving up malicious downloaders in a variety of scams and “headline malware” schemes moved their wares from 95.211.8.20, as described in a previous post, to their newest location at 95.211.8.21. Their phony codec file naming scheme has changed slightly yet again:

update_flash_plugin.v.40013.exe

As always, be sure to add a layer of behavioral detection to your system. Detection for these downloaders is generally poor; the FakeAv payloads receive more attention, but detection for them is not 100% either.
