cureid.pw (POP3 brute-forcing botnet hosted by firstvds.ru)

Resolved cureid.pw to 62.109.17.111

Server:  cureid.pw
Gate file:  /cmd.php

The Fort Disco brute-forcing malware has been upgraded and is now brute-forcing POP3 accounts.
The URL list to brute-force is now a list of domains and MX servers, one `domain:MX server` pair per line:

motorisationplus.com:mx00.1and1.fr
instagift.com:aspmx.l.google.com
paddypartners.it:cluster2a.eu.messagelabs.com
nunofi.sk:mail3.itstudio.cz
realasianbabes.com:oxmail.registrar-servers.com
kvalitetskatalog.se:kvalitetskatalog.se
caissedesdepots.fr:mail1.caissedesdepots.fr
siat.ac.cn:mx.cstnet.cn

A list is mirrored here; more can be seen in an open directory at hxxp://cureid.pw/temp_brut/
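A defender-side check for the list format shown above, as an added example (not from the original post or the malware): it parses `domain:mx-host` lines and reports entries whose mail domain or MX host falls under zones you operate. The sample entries and all function names are constructed for illustration.

```python
# Constructed sample in the page's "domain:mx-host" format (not real targets).
SAMPLE_LIST = """\
shop.example.com:mx1.mailhost.example
Example.ORG:mail.example.org.
partner.example.net:mx.example.org
garbage line without separator

other.example:aspmx.provider.example
"""


def normalize(host):
    """Lower-case a host name and drop surrounding whitespace and a trailing dot."""
    return host.strip().lower().rstrip(".")


def parse_targets(text):
    """Yield (line_no, domain, mx) for each well-formed 'domain:mx' line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        domain, sep, mx = raw.partition(":")
        domain, mx = normalize(domain), normalize(mx)
        # Skip blank or malformed lines instead of failing on scraped input.
        if not sep or not domain or not mx or " " in domain or " " in mx:
            continue
        yield line_no, domain, mx


def in_zone(host, zone):
    """True if host equals zone or is a subdomain of it (label-aligned match)."""
    return host == zone or host.endswith("." + zone)


def find_exposure(text, watched):
    """Return entries whose mail domain or MX host falls under a watched zone."""
    zones = [normalize(z) for z in watched]
    hits = []
    for line_no, domain, mx in parse_targets(text):
        for zone in zones:
            if in_zone(domain, zone):
                hits.append((line_no, domain, mx, "domain"))
            elif in_zone(mx, zone):
                hits.append((line_no, domain, mx, "mx"))
    return hits


if __name__ == "__main__":
    for hit in find_exposure(SAMPLE_LIST, ["example.org", "example.com"]):
        print(hit)
```

A hit on "mx" means a third party's mailboxes are hosted on your mail server, so the POP3 login attempts will land on your infrastructure even though the mail domain is not yours.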

Hosting info: http://whois.domaintools.com/62.109.17.111

Related MD5s (search on malwr.com to download samples):
Brute forcing bot: 538a4cedad8791e27088666a4a6bf9c5
