
is there a package behind these?


I just keep seeing downloaders trying links like
http://acdedblshd.com/progs/iooyp/mzznre.php
http://acdedblshd.com/progs/iooyp/nkxbc.php
http://acdedblshd.com/progs/iooyp/plmzrevwn
http://acdedblshd.com/progs/iooyp/rxlyddhv.php
http://acdedblshd.com/progs/iooyp/vsskkbc.php

Does someone know if there's a malware package (icepack, mpack, ..)? Or any other info if you'd like to share about this :D

I don't know

Those links appear to be down. I'd have to actually look at the code and site to tell you but I wouldn't be surprised.

V.

some alive links :D

http://acdedblshd.com/progs/agdquiv/marrfwan.php
http://acdedblshd.com/progs/kqrevjn/ymqdii.php
http://acdedblshd.com/progs/tdarf/lmmqrv.php
http://acdedblshd.com/progs/tdarf/nwabo
http://acdedblshd.com/progs/tdarf/sgxllcqhhy.php
http://acdedblshd.com/progs/tdarf/vsskkopgtx.php

these ones seem to be up :D (at 12:28 29.03.2008)

good luck and hope it helps :)

they are all

Actually executables, not php files, they all have different md5sums and at least two of them are packed with FSG. All of them appear packed with something. They are all different file sizes.

V

I posted the question here

I posted the question here hoping to find out if there is an exploit-package or smth like that (like icepack, mpack, nuclear etc..) and if, maybe, there is an admin page responsible and, eventually, if it's vulnerable to smth. :)

hope my English doesn't suck so much :)

Tibs....Frogs....iframedollar

Tibs....Frogs....iframedollar group working under new name.

another interesting fact

another interesting fact about these links is this http://cert.uni-stuttgart.de/stats/dns-replication.php?query=85.255.121.195 .. well.. the names seem to be random, 10 characters long. is it fastflux? how do you know for sure whether it's fastflux?

well. iframedollar you say. thanks. gtgg (got to go googling:D)

have a nice day