Currently these scripts, which are obfuscated, are being used by the Zeus botnet to recruit zombie PCs through drive-by-download attacks.
When the website is accessed it displays only a blank page, but checking its source reveals code written in JavaScript like this:


Some of the domains that contain LuckySploit are reflected below:
It's worth noting that many of these URLs are active; if you decide to access any of them, take the safety measures appropriate to the case.
In some scripts, a message can be clearly read at the end:

attack_level = 0;;
try {
f = 'Welcome to LuckySploit:) \n ITS TOASTED';

In this way, Zeus keeps adding infected computers to its malicious network.
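As an added example (not code from the original post), a static triage of saved page source for the two traits described above: a page that renders blank but carries inline JavaScript, and the marker strings quoted from the end of some scripts. The function name triage, the verdict labels and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Strings quoted on this page from the end of some LuckySploit scripts.
# Obfuscated copies may hide them, hence the blank-page fallback below.
MARKERS = ("Welcome to LuckySploit", "ITS TOASTED", "attack_level")

class _PageSplitter(HTMLParser):
    """Separates text a browser would render from inline script bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.scripts, self._stack = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style", "title"):
            self._stack.append(tag)
            if tag == "script":
                self.scripts.append("")

    def handle_endtag(self, tag):
        if self._stack and self._stack[-1] == tag:
            self._stack.pop()

    def handle_data(self, data):
        if self._stack and self._stack[-1] == "script":
            self.scripts[-1] += data
        elif not self._stack:
            self.visible.append(data)

def triage(html):
    """Return (verdict, details) for one saved page source (hypothetical helper)."""
    p = _PageSplitter()
    p.feed(html)
    p.close()
    script = "\n".join(p.scripts)
    blank = not "".join(p.visible).strip()
    hits = [m for m in MARKERS if m in script]
    if hits:
        verdict = "luckysploit-marker"
    elif blank and script.strip():
        verdict = "blank-page-script-only"  # weak signal, needs manual review
    else:
        verdict = "no-match"
    return verdict, {"blank": blank, "script_chars": len(script), "markers": hits}

# Constructed samples (not captured traffic); script bodies are stand-ins.
SAMPLE_HIT = ("<html><body><script>attack_level = 0;;\n"
              "f = 'Welcome to LuckySploit:) \\n ITS TOASTED';</script></body></html>")
SAMPLE_BLANK = "<html><head><title>x</title></head><body><script>var a=1;</script></body></html>"
SAMPLE_NORMAL = "<html><body><p>Hello</p><script>var a=1;</script></body></html>"
```

Run it only over source saved to disk from an isolated analysis machine; the blank-page verdict alone also matches many benign pages and is a prompt for review, not a detection.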
Related information:
Zeus botnet. Mass propagation of trojan. Part two - Spanish version
Zeus botnet. Mass propagation of trojan. Part one - Spanish version
Malware attack via Internet - Spanish version
# Jorge Mieres