Koobface 0x3e8 Folders and setup.exe Links

Koobface continues to tweet its assault on the twittersphere and social networking sites. Here is an abbreviated list of the higher-volume Koobface URLs that the ThreatFire community has been protected from over the past 48 hours. See a pattern here (DO NOT VISIT ANY OF THESE LINKS AND DOWNLOAD THE MALWARE SERVED THERE)?

Obviously, this is a fairly well-automated scheme. The site locations are scattered throughout the globe. All the sites that we have visited serve up the same rather uninspired video presentation with a familiar and phony “Flash Player upgrade required” page. The page, presented as the work of a most likely fictitious Bruno Carlot and his video about Hong Kong, serves malicious Koobface binaries.

As always, exercise a high level of caution when reading tweets with links, and add a behavioral layer of protection to your system.
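
The URL pattern named in this post's title (a bare IP address as host, a `0x3e8` folder, a `setup.exe` download) can be checked for in web proxy logs. The following is an added example, not ThreatFire's code: the log format `<client> <method> <url>`, the function names, and the sample lines (which use documentation-range addresses) are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Path from the post: a "0x3e8" folder serving setup.exe (matched case-insensitively).
KOOBFACE_PATH = re.compile(r"^/0x3e8/setup\.exe$", re.IGNORECASE)
ANY_EXE = re.compile(r"\.exe$", re.IGNORECASE)

def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url):
    """Return 'koobface-0x3e8', 'exe-from-ip', or None for one requested URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if not is_ip_literal(parts.hostname or ""):
        return None
    if KOOBFACE_PATH.match(parts.path):
        return "koobface-0x3e8"   # exact pattern described in the post
    if ANY_EXE.search(parts.path):
        return "exe-from-ip"      # broader: any executable fetched from a bare IP
    return None

def scan(log_lines):
    """Return (client, url, verdict) for every flagged '<client> <method> <url>' line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed lines instead of guessing
        client, _method, url = fields
        verdict = classify(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "10.0.0.21 GET http://192.0.2.10/0x3e8/setup.exe",
    "10.0.0.21 GET http://downloads.example.com/setup.exe",
    "10.0.0.35 GET http://198.51.100.7:8080/SETUP.EXE",
    "10.0.0.35 GET http://203.0.113.5/index.html",
    "truncated line",
]

if __name__ == "__main__":
    for client, url, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:15} {client:10} {url}")
```

The broader `exe-from-ip` verdict will also match legitimate internal tooling served from IP addresses, so treat it as a triage signal rather than a block rule.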
