97725.com is hosting malware!

April 24th, 2007 by Ryan Flores (Advanced Threats Researcher)

Yep it is, and it seems like the domain was created for the sole purpose of hosting malware.


A quick look at our malicious URL records shows that 97725.com serves malicious downloads for malware such as PE_LOOKED, TSPY_LEGMIR, TROJ_MULDROP, TSPY_QQPASS, and TSPY_WOW, as well as the most recent Microsoft exploit that hit it big, EXPL_ANIGEN.


The domain is hosted in China (not surprising), and most of the malware that downloads from, or can be downloaded from, 97725.com is related to online game stealing.

One interesting anti-URL-blocking technique used by the malicious author(s) is the use of subdomains. 123.97725.com, down.97725.com, and www.97725.com are the subdomains of 97725.com discovered by Trend. As of writing, the domain 97725.com is being added to the URL Web Blocking list.


We advise network administrators and IT personnel to check for connection attempts to 97725.com as it could signify an infected computer in the network.
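One way to run that check against proxy logs, as an added example that is not part of the original post: it flags clients that contacted 97725.com or any subdomain by matching on a label boundary, so a subdomain not yet on a block list is still caught while look-alike hostnames are not. The log format and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

BLOCKED_DOMAIN = "97725.com"  # domain named in the post

# Constructed sample lines; assumed format: "<time> <client-ip> <method> <url or host:port>"
SAMPLE_LOG = """\
2007-04-24T09:01:11 10.0.0.15 GET http://down.97725.com/a.exe
2007-04-24T09:01:40 10.0.0.22 GET http://www.example.org/index.html
2007-04-24T09:02:03 10.0.0.15 GET http://123.97725.com./x.ani
2007-04-24T09:02:30 10.0.0.31 CONNECT WWW.97725.COM:443
2007-04-24T09:03:02 10.0.0.40 GET http://not97725.com/
2007-04-24T09:03:10 10.0.0.41 GET http://97725.com.example.org/
2007-04-24T09:03:55 10.0.0.42 GET http://new.sub.97725.com:8080/p
malformed line
"""

def extract_host(target):
    """Return the lower-cased hostname from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host:port
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    # Drop the trailing dot of a fully qualified name before comparing.
    return host.rstrip(".").lower() if host else None

def is_blocked(host, domain=BLOCKED_DOMAIN):
    """True for the domain itself and any subdomain, matched on a label boundary."""
    return host == domain or host.endswith("." + domain)

def find_hits(log_text):
    """Map client IP -> sorted list of blocked hostnames it tried to reach."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip lines that do not fit the assumed format
        client, target = fields[1], fields[3]
        host = extract_host(target)
        if host and is_blocked(host):
            hits.setdefault(client, set()).add(host)
    return {ip: sorted(hosts) for ip, hosts in hits.items()}

if __name__ == "__main__":
    for ip, hosts in find_hits(SAMPLE_LOG).items():
        print(ip, ", ".join(hosts))
```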
