Historical OSINT - Newly Launched Koobface Themed Campaign Spotted in the Wild

July 30, 2018

Related malicious URLs known to have participated in the campaign:
hxxp://qjcleaner.eu/hitin.php?affid=02979

Once executed, a malware sample phones back to a well-known command and control server IP:
hxxp://212.117.160.18 GET /install.php?id=02979
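
The two requests above can be hunted as a pair in proxy logs. The following is an added example, not part of the original post: the log layout and client addresses are constructed, and it assumes that the `affid` value on the landing URL reappears as `id` in the phone-back to a bare IP, as 02979 does here.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log (timestamp, client, method, URL); URLs kept defanged as on the page.
SAMPLE_LOG = """\
2018-07-30T10:00:01 10.0.0.5 GET hxxp://qjcleaner.eu/hitin.php?affid=02979
2018-07-30T10:00:09 10.0.0.5 GET hxxp://212.117.160.18/install.php?id=02979
2018-07-30T10:01:00 10.0.0.7 GET hxxp://example.org/install.php?id=17
2018-07-30T10:02:00 10.0.0.8 GET hxxp://qjcleaner.eu/hitin.php?affid=02979
2018-07-30T10:02:30 10.0.0.8 GET hxxp://212.117.160.18/install.php?id=00001
"""

def _param(url, name):
    """First value of a query parameter, or None if absent."""
    values = parse_qs(url.query).get(name)
    return values[0] if values else None

def _is_bare_ip(host):
    """True when the request host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def correlate(log_text):
    """Return (client, affiliate_id, c2_host) for each client whose landing-page
    affid is later sent as id to install.php on a bare-IP host."""
    seen = {}       # client -> affid values observed on hitin.php
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, method, raw = parts
        url = urlsplit(raw.replace("hxxp", "http", 1))  # refang for parsing only
        if method != "GET" or not url.hostname:
            continue
        if url.path == "/hitin.php" and (aff := _param(url, "affid")):
            seen.setdefault(client, set()).add(aff)
        elif url.path == "/install.php" and _is_bare_ip(url.hostname):
            ident = _param(url, "id")
            if ident in seen.get(client, ()):
                findings.append((client, ident, url.hostname))
    return findings

if __name__ == "__main__":
    for client, aff, host in correlate(SAMPLE_LOG):
        print(f"{client}: affiliate {aff} landing followed by phone-back to {host}")
```

Only the client that shows both the landing hit and the matching phone-back is reported; a landing hit alone, or an `install.php` request with an unrelated `id`, is not.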

More scareware domains were parked at the same IP as the crusade affiliates. Meanwhile, the Koobface gang is currently busy typosquatting my name when registering domains (Rancho Ranchev; Pancho Panchev); for instance, hxxp://mayernews.com (Email: 1andruh.a1@gmail.com) is registered using Danchev Danch.

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com