Exploit Cyber-search.biz
Exploit Cyber-search.biz is the detection name for a group of software components that were installed through a security hole. The following are some of the URLs that appeared in the network log:
hxxp://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe
hxxp://code.jcash.biz/l/f4831740c2b4b66f7245653d8657b954_13.exe
hxxp://85.255.117.53/bt/4/s1s//index.chm
hxxp://85.255.117.53/bt/4/s1s//index.exe
hxxp://cyber-search.biz/cyber.wmf
hxxp://cyber-search.biz/loader.exe
hxxp://search-biz.biz/dnlsvc.exe
hxxp://2005-search.com/go.exe
hxxp://www.webmastersmafia.com/counter.exe
hxxp://www.best-thumbs.net/stats/load.exe
hxxp://download.alfacleaner.com/setup.exe
hxxp://psguard.com/loader/inf/116.exe
hxxp://download.jupitersatellites.biz/traff/ppiigg.exe
hxxp://www.voghp.com/bho/update.exe
hxxp://zabywjwzlr.biz/dl/loadadv406.exe
hxxp://205.177.122.100/G1/8GKin2mlaHMKOi8lfF1y5.exe
hxxp://download.systemdoctor.com/files/ installers/SystemDoctor2006FreeInstall.exe
hxxp://count.hitscount.net/updinst/krab02/gall2236.exe
It Installs without user consent
Files are ---
0xf9.exe, secure32.html, splp.exe, tpjtsip.exe, xecn.exe, windrv.exe, ryads.exe, ybbga.exe, ms-7.exe, counter.exe, file.exe, file2.exe, ie.exe, load.exe, uninstDsk.exe, warnhp.html, TheMatrixHasYou.exe, msdirect.sys, sdfdil.exe, taskmgn.exe, win32hlp.exe, winbrume.dll |
