Apr 24
1:54 am (UTC-7)   |   by Ryan Flores (Advanced Threats Researcher)

Yep it is, and it seems like the domain was created for the sole purpose of hosting malware.


A quick look at our malicious URL records shows that 97725.com serves downloads of malware such as PE_LOOKED, TSPY_LEGMIR, TROJ_MULDROP, TSPY_QQPASS, TSPY_WOW and, most recently, EXPL_ANIGEN, the Microsoft exploit that hit it big.


The domain is hosted in China (not surprising), and most of the malware that is downloaded from 97725.com, or that fetches further components from it, is related to stealing online-game credentials.
One interesting anti-URL-blocking technique used by the malware author(s) is the use of subdomains. 123.97725.com, down.97725.com, and www.97725.com are the subdomains of 97725.com discovered by Trend so far. A blocklist entry that matches only one exact hostname, say www.97725.com, lets the other subdomains through, so the block has to cover the whole domain and anything beneath it. As of writing, the domain 97725.com is being added to the URL Web Blocking list.


We advise network administrators and IT personnel to check proxy and DNS logs for connection attempts to 97725.com or any of its subdomains, as such attempts could signify an infected computer on the network.
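The log check above, as an added example that is not part of the original post: it matches on the registered domain as a suffix, so every subdomain (the post's 123.97725.com, down.97725.com, www.97725.com, and any others) is caught without listing each one, while a look-alike such as evil97725.com is not. The Squid-style proxy lines, BIND-style DNS query lines, client addresses and decoy hostnames are constructed for the example, not taken from Trend's records.

```python
import re
from urllib.parse import urlsplit

# Domain named in the post. The suffix check below also covers every subdomain,
# which is the point: an exact-match list would miss down.97725.com.
BLOCKED_DOMAINS = ("97725.com",)


def host_is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or any subdomain of one.

    Case and a trailing dot are ignored. The dot before the suffix is required,
    so "evil97725.com" does not match "97725.com".
    """
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in blocked)


# Constructed log formats (assumptions, not from the post):
#  - Squid native access.log: "ts elapsed client action/code size method url ..."
#  - BIND query log:          "... client 10.1.2.3#51234: query: host IN A ..."
PROXY_RE = re.compile(r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)")
DNS_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN ")


def host_from_line(line):
    """Extract (client, normalized host) from a proxy or DNS log line, else None."""
    m = PROXY_RE.match(line)
    if m:
        host = urlsplit(m.group("url")).hostname  # drops scheme, port and path
        return (m.group("client"), host.lower().rstrip(".")) if host else None
    m = DNS_RE.search(line)
    if m:
        return (m.group("client"), m.group("name").lower().rstrip("."))
    return None


def find_hits(lines, blocked=BLOCKED_DOMAINS):
    """Return [(client, host), ...] for every line whose host falls under a blocked domain."""
    hits = []
    for line in lines:
        parsed = host_from_line(line)
        if parsed and host_is_blocked(parsed[1], blocked):
            hits.append(parsed)
    return hits


# Constructed sample lines: the hosts the post names, plus benign and look-alike decoys.
SAMPLE_LOG = """\
1177400040.123    245 10.1.2.3 TCP_MISS/200 1523 GET http://down.97725.com:80/x.exe - DIRECT/1.2.3.4 application/octet-stream
1177400041.456     12 10.1.2.7 TCP_HIT/200 4100 GET http://www.example.com/index.html - NONE/- text/html
1177400042.789     98 10.1.2.9 TCP_MISS/200 2048 GET http://evil97725.com/not-a-subdomain - DIRECT/5.6.7.8 text/html
24-Apr-2007 01:54:00.123 client 10.1.2.3#51234: query: 123.97725.com IN A + (10.0.0.1)
24-Apr-2007 01:54:01.456 client 10.1.2.8#51235: query: WWW.97725.COM. IN A + (10.0.0.1)
24-Apr-2007 01:54:02.789 client 10.1.2.7#51236: query: mail.example.com IN MX + (10.0.0.1)
""".splitlines()

if __name__ == "__main__":
    for client, host in find_hits(SAMPLE_LOG):
        print(f"{client} contacted {host}: check this machine for infection")
```

Run against real Squid or BIND logs by replacing SAMPLE_LOG with the file's lines; each reported client is a machine worth pulling for inspection. Note that the DNS log catches lookups even when the download itself was blocked, which is useful for spotting infected hosts after the domain goes on the blocklist.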








© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice