Blog

Ranjeet Menon
DNAScan Vs Warezov
December 1, 2006

We are still getting reports of I-Warezov in the wild. So we tested out our last released build of Quick Heal AV and Quick Heal TS with Virus Database date 1 Nov 2006. We were happy to notice that DNAScan succesfully removed/ blocked all mails having I-Warezov as suspicous file attachment.

Here is a list of domain used by warezov to download its updated module and other files. People can block below domain in there firewall or gateway level protection.

bonghuikunsa.com

cedesunjerinkas.com

endfunjdaswuinjdeshihus.com

ertinmdesachlion.com

esunhuitionkdefunhsadwa.com

fandesjinkderunha.com

gadesunheranwui.com

gandesunjindkerunhdas.com

gdnafuidjeinkdadewa.com

genfikintundesalion.com

genfushijinkertiondase.com

gwenrijinkdesunjain.com

hertionkadesinpoion.com

huiderinjdasunlixsde.com

huirefunkionmdesa.com

ifrstats.com

jaxedunnjsatunheri.com

krovalidajop.com

oldartero.com

quijindeshkinmas.com

rasetikuinyunhderunsa.com

rxff.net

sadujadesion.com

seriondefunkasdeun.com

shionkertunhedanse.com

shionmkindefunjas.com

traferreg.com

tuihudenfhungdansein.com

vadesunjionderunhdae.com

vaserjungenfujinas.com

vedasetionkderun.com

vertioksdefunhasdesi.com

vertionkdaseliplim.com

yolonkishishutionjdehunfa.com

yuhadefunjinsa.com

The worm spread using emails. We would request all the readers and users not to open any attachments having below string in the name

attach[RANDOM NUMBER]..txt.[SPACES]exe.dat

attach[RANDOM NUMBER].zip

doc.zip

body

doc

docs

file

message

readme

test

data

Update-KB201-x86.zip

Update-KB1312-x86.zip

Update-KB3036-x86.zip

Update-KB3421-x86.zip

Update-KB3625-x86.zip

Update

SHARE THIS STORY

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image