http://{BLOCKED}81.166:8080/{generated value}

February 20, 2013

• Email
• Facebook
• Twitter
• Google+
• Linkedin

 Analysis by: Kenneth Guang Zheng Lee

---

 URL BLOCKING DATE/TIME: 31 Jan 2013 08:05:00 AM GMT-8

 RATING: HIGH

 DOMAIN: 77.79.81.166

 CATEGORY: Disease Vector

 DESCRIPTION:

BKDR_KULUOZ.PFG connects to this site to send and receive information. This malware disguises as delivery receipts for well-known postal and delivery services firms and airlines, including Delta Airlines and FedEx.

Related URLs

• http://{BLOCKED}20.202:8080/{generated value}
• http://{BLOCKED}.50.161:8080/{generated value}
• http://{BLOCKED}.22.146:8080/{generated value}
• http://{BLOCKED}159.166:8080/{generated value}
• http://{BLOCKED}10.68:8080/{generated value}
• [More]

Related Malware

• BKDR_KULUOZ.PFG