[Emerging-Sigs] Malwareurl.com Top 250 Update

jason.weir at nhrs.org
Mon Oct 24 04:02:38 EDT 2011


MalwareURL.com Data Contains 317781 Entries - Here are the top 250 (88496)

#    Signature       URI                                                                    Count    Description                                       
----------------------------------------------------------------------------------------------------------------
1    2012392         download/Setup_2005.exe                                                2013     fast flux rogue antivirus                         
2    2011496         ~malak/PIC007-JPG-www.facebook.com.exe                                 1398     trojan buzus                                      
3    2011220         ~toxicok/wp-content/languages/home.exe                                 1298     virtool vbinject                                  
4    2011220         ~toxicok/wp-content/languages/nicenice.exe                             1298     virtool vbinject                                  
5    2011895         ~aaitsol1/networks.php                                                 971      exploits                                          
6    2010716         wywg/cqwz/sqkiwg.exe                                                   944      trojan onlinegames                                
7    2010716         wywg/mxd/mioslwer.exe                                                  944      trojan onlinegames                                
8    2010716         wywg/my/myxyjgj.exe                                                    944      trojan onlinegames                                
9    2010716         wywg/chd/lpspwt67.exe                                                  944      trojan onlinegames                                
10   2010716         wywg/txer/sitoswd.exe                                                  944      trojan onlinegames                                
11   2010716         wywg/dxcys/ordinary.exe                                                944      trojan onlinegames                                
12   2010716         wywg/dh2/barley.exe                                                    944      trojan onlinegames                                
13   2010716         wywg/cqwz/mfwgsw.exe                                                   944      trojan onlinegames                                
14   2010716         wywg/mssj/brittle.exe                                                  944      trojan onlinegames                                
15   2010716         wywg/dxcys/Wilhelm.exe                                                 944      trojan onlinegames                                
16   2010716         wywg/rxcq/market.exe                                                   944      trojan onlinegames                                
17   2010716         wywg/mxd/kpske3.exe                                                    944      trojan onlinegames                                
18   2010716         wywg/wmgj/wmdtgjg.exe                                                  944      trojan onlinegames                                
19   2010716         wywg/zx/dtgjwi2.exe                                                    944      trojan onlinegames                                
20   2010716         wywg/chd/slkopwt.exe                                                   944      trojan onlinegames                                
21   2010716         wywg/mssj/constant.exe                                                 944      trojan onlinegames                                
22   2010716         wywg/txer/downower.exe                                                 944      trojan onlinegames                                
23   2010716         wywg/wmgj/p9pj21.exe                                                   944      trojan onlinegames                                
24   2010716         wywg/mssj/stress.exe                                                   944      trojan onlinegames                                
25   2010716         wywg/jxqy3/jxkdk.exe                                                   944      trojan onlinegames                                
26   2010716         wywg/wlwz/ffwg1022.exe                                                 944      trojan onlinegames                                
27   2010716         wywg/rxcq/permin.exe                                                   944      trojan onlinegames                                
28   2010716         wywg/zx/zwwghg.exe                                                     944      trojan onlinegames                                
29   2010716         wywg/chd/opaslf.exe                                                    944      trojan onlinegames                                
30   2010716         wywg/yhzt/yhztzxieiai.exe                                              944      trojan onlinegames                                
31   2010716         wywg/dxcys/peasant.exe                                                 944      trojan onlinegames                                
32   2010716         wywg/rxcq/geoloal.exe                                                  944      trojan onlinegames                                
33   2010716         wywg/hx2/handfu.exe                                                    944      trojan onlinegames                                
34   2010716         wywg/qqhx/abdomen.exe                                                  944      trojan onlinegames                                
35   2010716         wywg/cqsj/allowed.exe                                                  944      trojan onlinegames                                
36   2010716         wywg/wlwz/wlmzjsg.exe                                                  944      trojan onlinegames                                
37   none            cache/readme.pdf                                                       910      exploits / redirects to exploits                  
38   none            index.php                                                              888      exploits / redirects to exploits                  
39   2010222         ts/in.cgi?pepsi18                                                      864      exploits / redirects to exploits                  
40   2011896         sp107fb/photo.exe                                                      852      trojan zbot                                       
41   none            o.js                                                                   744      redirects to rogue antivirus                      
42   2011897         ~vietshow/1.html                                                       684      vb exploits / trojan                              
43   2011897         ~vietshow/1.exe                                                        684      vb exploits / trojan                              
44   2011897         ~vietshow/levs.exe                                                     660      vb exploits / trojan                              
45   none            ~cpscom/el144/index.php                                                649      eleonore exploit pack v1.4.4mod / backdoor msil pontoeb.b
46   none            ~cpscom/el144/stat.php                                                 649      eleonore exploit pack v1.4.4mod / backdoor msil pontoeb.b
47   none            ~cpscom/el144/pdf.php                                                  649      eleonore exploit pack v1.4.4mod / backdoor msil pontoeb.b
48   none            ~cpscom/el144/load.php                                                 649      eleonore exploit pack v1.4.4mod / backdoor msil pontoeb.b
49   2012446         ~cpscom/el144/load/load.exe                                            645      eleonore exploit pack v1.4.4mod / backdoor msil pontoeb.b
50   2011693         welcome.php?id=6&pid=1&hello=503                                       619      fragus exploit kit                                
51   2011324         Games.jar                                                              617      fragus exploit kit                                
52   2011325         Notes1.pdf                                                             617      fragus exploit kit                                
53   2011326         NewGames.jar                                                           617      fragus exploit kit                                
54   none            Applet1.html                                                           617      fragus exploit kit                                
55   none            index.php                                                              613      exploits                                          
56   none            news/?s=6225                                                           600      trojan zbot                                       
57   none            index.php?pid=2                                                        574      fragus exploit kit                                
58   none            out.php?a=QQkFBg0MBAEDAAABEkcJBQcEAgQMBQUBAQ==&p=6                     477      exploit kit                                       
59   none            QQkFBg0MBAEDAAABEkcJBQcEAgQMBQUBAQ==                                   477      exploit kit                                       
60   none            mndrtdsf.jar                                                           477      exploit kit                                       
61   none            9de46d.pdf                                                             477      exploit kit                                       
62   2011898         x/l.php?id=RdxUVjSVVKicADPtx=6666os=5.1n=1                             468      rogue antivirus downloader                        
63   none            downloader.php                                                         456      trojan winwebsec                                  
64   none            dira.jar                                                               435      exploit kit                                       
65   none            downloader.php                                                         421      fraudtool roguesecurity                           
66   none            ~kengolfo/tmp/go.exe                                                   417      trojan                                            
67   2012301         7lva91ug38ri61uf7tywpja3v86qyh68/pornoplayer.exe                       414      trojan                                            
68   2011899         ~duydati/inst_PCvw.exe                                                 404      trojan perflogger                                 
69   2010465         download/install.php                                                   396      rogue antivirus downloader / internetantiviruspro 
70   2010465         download/install.php                                                   388      rogue antivirus                                   
71   2011982         xxx/download7/21/install_flash_player.exe                              383      trojandropper dunik!rts                           
72   none            downloader.php                                                         376      fraudtool.win32.roguesecurity                     
73   2011901         ~rio1/admin/login.php                                                  356      (hacked server) leads to exploits                 
74   none            get.php                                                                354      trojan privacycenter                              
75   2011902         ~mbscom/moneybookers/app/login/login.html                              339      phishing                                          
76   2012392         download/Setup_2005.exe                                                325      fast flux rogue antivirus (personalsecurity)      
77   none            1mg/am1.rar                                                            316      trojan config file                                
78   2012940         exemple.com/error.js.php                                               314      (hacked server) eleonore exploit pack / virtool vbinject.dg
79   2012940         exemple.com/j1_893d.jar                                                314      (hacked server) eleonore exploit pack / virtool vbinject.dg
80   2011128         exemple.com/load.php?spl=MS09-002                                      314      (hacked server) eleonore exploit pack / virtool vbinject.dg
81   2012940         exemple.com/pdf.php                                                    314      (hacked server) eleonore exploit pack / virtool vbinject.dg
82   2012940         exemple.com                                                            314      (hacked server) eleonore exploit pack / virtool vbinject.dg
83   2012446         exemple.com/load/load.exe                                              314      (hacked server) eleonore exploit pack / virtool vbinject.dg
84   2012940         exemple.com/j2_079.jar                                                 314      (hacked server) eleonore exploit pack / virtool vbinject.dg
85   2011121         vt073pd/LoginFacebook.php                                              311      iframe to phoenix exploit kit / trojan zbot       
86   2011903         vt073pd/photo.exe                                                      311      iframe to phoenix exploit kit / trojan zbot       
87   none            DATA                                                                   301      trojan vb.aag                                     
88   2011357         download/SetupSecure_2005.exe                                          293      fast flux rogue antivirus                         
89   2010452         installer.1.exe                                                        291      rogue antivirus downloader / fakeplus             
90   2011904         download.php?id=2004                                                   289      fast flux rogue antivirus                         
91   2011905         x/index.php?s=dexc                                                     286      exploit kit                                       
92   2011906         x/load/svchost.exe                                                     286      exploit kit                                       
93   none            index.php?Q4fhhtTbbUVGOnqOM5pLyCgzE9/4TDfAodjyCAfPpGrV0S93hKcpWlGzq2bgiloUsF+mUyrxH203fpXOpgfNqERhZQjJK+2eKeYCQEQe 284      fake scan page                                    
94   none            news/?s=136088                                                         283      trojan zbot config file                           
95   none            get/view.php                                                           277      exploit kit                                       
96   2011908         get/exe.php?x=mdac                                                     277      exploit kit                                       
97   none            cache/flash.swf                                                        275      exploits / redirects to exploits                  
98   none            in6.php                                                                274      leads to brebolab exploits                        
99   2011907         x/l.php?s=dexc                                                         273      exploit kit                                       
100  none            cl107_289.php                                                          272      rogue antivirus downloader                        
101  none            news/?s=47345                                                          266      trojan zbot config file                           
102  2011908         x/exe.php?x=mdac                                                       264      exploit kit                                       
103  none            download.php?src=main                                                  262      program pameseg                                   
104  2011909         Flash.HD.exe                                                           258      trojan renos                                      
105  none            load.php                                                               257      exploits / trojan                                 
106  none            0x3E8/f=fb2/view/console=yes/setup.exe                                 251      trojan koobface                                   
107  none            showthread.php?t=412882                                                249      exploit kit                                       
108  2011967         ~altinero/scripts/bot.exe                                              244      trojan zbot (hacked server)                       
109  none            showthread.php?t=602303                                                233      exploit kit                                       
110  none            ~daysin/a-b-1.jpeg                                                     231      worm autorun.aas / virtool vbinject.fa            
111  none            ~daysin/opala.jpeg                                                     231      worm autorun.aas / virtool vbinject.fa            
112  none            ~daysin/T1p1.jpeg                                                      231      worm autorun.aas / virtool vbinject.fa            
113  none            cache/readme.pdf                                                       227      exploits / trojan                                 
114  2010440         flash-HQ-plugin.40000.exe                                              226      fast flux trojan                                  
115  none            img/index.html                                                         225      redirects to trojan                               
116  none            cgi-bin/dep/z002106201r0409R8b7f9ba1Xdab766a6Y91e4f74eZ0100f08030dP000301080 217      trojan tdss                                       
117  none            sw/l.php?partner_id=154&u=661bc681-bcf8-44d5-9e55-564a5cdfe0d8&log_id=34&os=5.1.2600.256.1.0. 216      malware calls home                                
118  2011968         ~dijejacr/update/html2.exe.bak                                         215      trojan banker                                     
119  none            ~plastiko/stable.exe                                                   213      trojan rimecud.a                                  
120  none            clean.exe                                                              213      trojan fakealert                                  
121  none            cache/flash.swf                                                        207      exploits / trojan                                 
122  none            news                                                                   205      trojan zbot config file                           
123  none            showthread.php?t=30260182                                              202      exploit kit                                       
124  none            xoxo.jar                                                               202      exploit kit                                       
125  none            download.php                                                           201      trojan                                            
126  2011326         NewGames.jar                                                           199      fragus exploit kit / pws: daurso.a                
127  none            Applet1.html                                                           199      fragus exploit kit / pws: daurso.a                
128  none            index.php?pid=2                                                        199      fragus exploit kit / pws: daurso.a                
129  2011148         images/gr_old_cr.exe                                                   199      fragus exploit kit / pws: daurso.a                
130  none            showthread.php?t=90140028                                              199      exploit kit                                       
131  2011325         Notes1.pdf                                                             199      fragus exploit kit / pws: daurso.a                
132  2011324         Games.jar                                                              199      fragus exploit kit / pws: daurso.a                
133  2011693         welcome.php?id=6&pid=1&hello=503                                       199      fragus exploit kit / pws: daurso.a                
134  none            sw/l.php?partner_id=75&u=09752ad1-8934-434f-8187-f9d45ae48238&log_id=12&os=5.1.2600.256.1.0. 198      malware calls home                                
135  2012332         download/SecurIns_194.exe                                              198      fast flux rogue antivirus                         
136  none            news/?s=67948                                                          190      trojan zbot config file                           
137  none            sw/l.php?partner_id=73&u=4eb8366b-679b-47e1-bdf8-cfa3c07bc1d0&log_id=34&os=5.1.2600.256.1.0. 187      malware calls home                                
138  none            zlv1/enter.php                                                         185      best pack exploit kit                             
139  none            message.php?subid=2871&br=IE_6.00&os=12&flg=2&id=5F60FAF878B650F053239049F41A2EF3&ad=&ver=_if21 185      trojan bamital calls home                         
140  none            QQkFBg0NBgYDDAABEkcJBQcEAgYNDAcABw==                                   183      incognito exploit kit                             
141  none            bujuin.jar                                                             183      incognito exploit kit                             
142  none            sw/l.php?partner_id=75&u=4b7cb49c-324b-4d59-b34c-9f908c0c756d&log_id=12&os=5.1.2600.256.1.0. 179      malware calls home                                
143  none            1mg/am.rar                                                             178      trojan config file                                
144  2011967         ~bbonline/administrative/bot.exe                                       175      trojan zbot                                       
145  none            x/index.php                                                            172      phoenix exploit kit                               
146  2010050         download/Antivirus_21.exe                                              162      rogue antivirus / personal antivirus - fakexpa    
147  2012302         load/powersecure_2005-19_ibr8.exe                                      159      rogue antivirus downloader                        
148  none            news/?s=195341                                                         157      trojan zbot config file                           
149  none            admin.php                                                              156      exploit kit                                       
150  2011966         tube/Adobe__Flash__Player.exe                                          156      trojan downloader                                 
151  2010684         download/IAInstall.exe                                                 155      rogue antivirus downloader / internetantiviruspro 
152  none            mupp/mummysgold/mummysgold.cab                                         151      malware calls home / spamtool casino config files 
153  none            mupp/mummysgold/gamepak.txt                                            151      malware calls home / spamtool casino config files 
154  none            mupp/mummysgold/icab-0027/__mupinfo-en_pi.cab                          151      malware calls home / spamtool casino config files 
155  none            mupp/mummysgold/icab-0027/mupinfo-en.cab                               151      malware calls home / spamtool casino config files 
156  none            download.php                                                           149      rogue antivirus                                   
157  none            pdf.php                                                                149      exploit kit / trojan                              
158  2011906         load/svchost.exe                                                       148      exploit kit / trojan                              
159  none            l.php                                                                  148      exploit kit / trojan                              
160  none            index.php                                                              148      exploit kit / trojan                              
161  2011970         x/tmp/flash.swf                                                        147      phoenix exploit kit                               
162  2011972         x/tmp/newplayer.pdf                                                    147      phoenix exploit kit                               
163  2011972         x/tmp/collab.pdf                                                       147      phoenix exploit kit                               
164  2011972         x/tmp/libtiff.pdf                                                      147      phoenix exploit kit                               
165  2011972         x/tmp/printf.pdf                                                       147      phoenix exploit kit                               
166  2011972         x/tmp/pdfswf.pdf                                                       147      phoenix exploit kit                               
167  2011973         x/tmp/des.jar                                                          147      phoenix exploit kit                               
168  2011972         x/tmp/geticon.pdf                                                      147      phoenix exploit kit                               
169  2011972         x/tmp/all.pdf                                                          147      phoenix exploit kit                               
170  2012540         ~scotiaba/salvando-usb.exe                                             145      (hacked server) backdoor poison                   
171  none            e/stat.php                                                             143      eleonore exploit pack / trojan zbot               
172  none            id735rp/update.exe                                                     141      trojan zbot                                       
173  none            ~delmonca/u/index.php                                                  141      exploit kit                                       
174  none            ~delmonca/u/1.exe                                                      141      exploit kit                                       
175  none            x/l.php?id=GHylYKZMxrpmeBlt&x=6666&os=5.1&n=1                          141      malware calls home                                
176  none            ~delmonca/u/pdf.php                                                    141      exploit kit                                       
177  none            ~delmonca/u/load.php                                                   141      exploit kit                                       
178  2011981         cms4/757/2/QuickTime_Update_KB673901.exe                               139      trojan                                            
179  none            sw/l.php?partner_id=154&u=1aa1af44-7374-40c1-ab58-f73ad8701972&log_id=34&os=5.1.2600.256.1.0. 139      malware calls home                                
180  none            ssp/js/common.js                                                       138      exploit kit / trojan oficla                       
181  2010533         ssp/files/sdfg.jar                                                     138      exploit kit / trojan oficla                       
182  none            ssp/load.exe                                                           138      exploit kit / trojan oficla                       
183  2010532         ssp/files/annonce.pdf                                                  138      exploit kit / trojan oficla                       
184  none            ssp/admin.php                                                          138      exploit kit / trojan oficla                       
185  none            ssp/index.php                                                          138      exploit kit / trojan oficla                       
186  2010534         ssp/loadjavad.php                                                      138      exploit kit / trojan oficla                       
187  none            tre/vena.php                                                           136      neosploit toolkit / trojan downloader lukicsel.a  
188  none            tre/vena.php/yH                                                        136      neosploit toolkit / trojan downloader lukicsel.a  
189  none            statistics.php                                                         134      phoenix exploit kit / trojan zbot                 
190  2010464         download.php?id=2013                                                   134      fast flux rogue antivirus                         
191  2011972         tmp/newplayer.pdf                                                      134      phoenix exploit kit / trojan zbot                 
192  none            l.php                                                                  134      phoenix exploit kit / trojan zbot                 
193  2010221         3/installer/Installer.exe                                              133      trojan fakerean                                   
194  2010221         1/installer/Installer.exe                                              133      trojan fakerean                                   
195  2010221         2/installer/Installer.exe                                              133      trojan fakerean                                   
196  none            manuale.pdf                                                            131      exploit kit                                       
197  2011980         ~bharatc/imagFaceBook.exe                                              131      trojan ircbrute                                   
198  none            out.php?a=QQkFBg0DBwYNAwwFEkcJBA==&p=7                                 130      exploit kit                                       
199  none            cb2c2d.pdf                                                             130      exploit kit                                       
200  none            e/index.php                                                            129      eleonore exploit pack / trojan zbot               
201  none            e/load.php?spl=mdac                                                    129      eleonore exploit pack / trojan zbot               
202  none            e/pdf.php                                                              128      eleonore exploit pack / trojan zbot               
203  2011984         download/MalvRem_2004.exe                                              127      fast flux rogue antivirus                         
204  none            download.php?id=2012                                                   126      fast flux rogue antivirus                         
205  none            js.php                                                                 125      exploit kit                                       
206  2011966         tube/Adobe__Flash__Player.exe                                          124      trojan                                            
207  none            x/statistics.php                                                       124      phoenix exploit kit                               
208  2011985         download/avdistr_2005.exe                                              123      fast flux rogue antivirus                         
209  none            ?n=1040                                                                123      phoenix exploit kit                               
210  2012392         download/Setup_245.exe                                                 120      fast flux rogue antivirus                         
211  none            pack/exp/getexe.php?spl=mdac                                           118      exploit kit / rogue antivirus                     
212  none            pack/exp/pdf.php?user=ipoll&pdf_acces=on                               118      exploit kit / rogue antivirus                     
213  2010453         installer_1.exe                                                        118      rogue antivirus downloader / fakeplus             
214  2011908         x/exe.php?x=mdac                                                       118      trojan                                            
215  2010741         x/exe.exe                                                              115      phoenix exploit kit                               
216  none            op1.js=http://www.theriverlive.cn                                      115      redirects to rogue antivirus                      
217  none            setup.exe                                                              115      rogue antivirus                                   
218  none            page/news.php                                                          114      neosploit toolkit                                 
219  none            fgdtshjdkyfhxtgstre.jar                                                112      trojan downloader java exdoer                     
220  2011908         images/exe.php?x=mdac                                                  112      exploit kit                                       
221  none            rsf/loadjavad.php                                                      111      exploits / trojan oficla                          
222  none            rsf/js/common.js                                                       111      exploits / trojan oficla                          
223  none            rsf/files/annonce.pdf                                                  111      exploits / trojan oficla                          
224  none            rsf/index.php                                                          111      exploits / trojan oficla                          
225  none            rsf/files/sdfg.jar                                                     111      exploits / trojan oficla                          
226  none            d.php?f=7&e=                                                           110      exploit kit                                       
227  2012538         games/pdf2.php?f=7                                                     110      exploit kit                                       
228  2011967         bot.exe                                                                110      trojan zbot                                       
229  2012538         games/pdf.php?f=7                                                      110      exploit kit                                       
230  2011908         download/exe.php?x=mdac                                                109      exploit kit                                       
231  none            sw/l.php?partner_id=160&u=08645b40-ec5f-467c-a7da-7ff301143e60&log_id=12&os=5.1.2600.256.1.0. 108      malware calls home                                
232  2012333         nte/GNH11.exe/yH                                                       106      neosploit toolkit                                 
233  2012333         nte/GNH11.exe                                                          106      neosploit toolkit                                 
234  2011985         download/avdistr_2004.exe                                              102      fast flux rogue antivirus                         
235  2010055         pcdef.exe                                                              101      trojan tdss / rogue antivirus                     
236  none            in.php                                                                 101      leads to waledac exploits / trojan                
237  2011982         flash_player.exe                                                       101      trojan ransom.am                                  
238  none            wcap.exe                                                               101      leads to waledac exploits / trojan                
239  2010054         codec.exe                                                              101      trojan tdss / rogue antivirus                     
240  none            file.exe                                                               101      trojan tdss / rogue antivirus                     
241  none            ~centervi/site/pic2.jpg                                                100      trojan delf                                       
242  none            news/?s=166506                                                         100      trojan zbot config file                           
243  none            setup.exe                                                              99       trojan koobface                                   
244  none            stalinbin/config.bin                                                   99       trojan spyeye config file                         
245  none            index.php?tp=8db1a050f929d8da                                          98       blackhole exploit kit / trojan downloader carberp.c
246  none            d.php?f=109&e=2                                                        98       blackhole exploit kit / trojan downloader carberp.c
247  none            showthread.php?t=932651                                                97       exploit kit                                       
248  none            _cp/gate.php                                                           97       trojan spyeye drop zone                           
249  2010453         installer_1.exe                                                        96       rogue antivirus downloader                        
250  2012940         exemple.com                                                            95       (hacked server) eleonore exploit pack             

