- http://intensedive.com/install/setup.php?m=d310b08f1d6d&i=1&id=000069000
- http://intensedive.com/install/setup.php?m=d310b08f1d6d
- http://intensedive.com/updates/cleaner.dll?m=d310b08f1d6d
The IP address behind these domains is 94.102.63.99. From www.robtex.com we can see the following graph:

AS29073 belongs to Ecatel Network, which is a well-known crimeware-friendly ISP.
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html
Ecatel is infamous for the massive hosting of malware and spambots; the most widely used IPs are:
- 94.102.60.151
- 94.102.60.152
- 94.102.60.153
- 94.102.60.182
- 94.102.60.43
- 94.102.60.77
Detailed information on Ecatel activities can be seen here: http://www.sudosecure.net/archives/333
Ecatel was often involved in fakeAV campaigns, and ZeroAccess drives to fake software downloads. From sudosecure.net we see a relation with the well-known cybercrime ring, RBN (Russian Business Network).
----- end snippet -----
About The Author
Giuseppe Bonfa
Giuseppe is a seasoned InfoSec professional in Reverse Code Engineering and Development with 10 years of experience under Windows platforms. He is currently deeply focused on Malware Reversing (Hostile Code and Extreme Packers) especially Rootkit Technology and Windows Internals. He has previously worked as Malware Analyst for Comodo Security Solutions as a member of the most known Reverse Engineering Teams and is currently a consultant for private customers in the field of Device Driver Development, Malware Analysis and Development of Custom Tools for Digital Forensics. He collaborates with Malware Intelligence and Threat Investigation organizations and has even discovered vulnerabilities in PGP and Avast Antivirus Device Drivers. As a technical author, Giuseppe has over 10 years of experience and hundreds of published pieces of research.

