- Update: This file is from the Phoenix 2.0 exploit kit and maybe others. Email me if you need other files used by that kit.
- hxxp://xgazz.biz/var/tmp/des.jar Virustotal
Download 98F5ACDB21E8B8116FE5C7B4BA17D0E9 desr.jar as a password-protected archive (contact me if you need the password)
CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
- hxxp://lindaritchies.com/1.jar Virustotal
Download JAR C354C0E11DB8F98EF126063479EF71B1--1.jar as a password-protected archive (contact me if you need the password)
- hxxp://cupilostax.com/xvxx/bbb.jar contains a variant of the Java/TrojanDownloader.Agent.NAI trojan, which is CVE-2008-5353: The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". (thank you, Dave)
- hxxp://188.8.131.52:81/5ea2992f2357b/setup5046608.exe contains the Win32/Koobface.NCT worm.