Download 6 samples (some are listed below, all are versions of the same trojan) as a password protected archive (contact me if you need the password) https://twitter.com/#search?q=ripway - twitter search
Other malware spreaders you may find interesting are (I did not check every link for malware presence so please correct me if any of the links/searches are false positives). They look bad to me though.
https://twitter.com/#search?q=shup.com
https://twitter.com/#search?q=localhostr.com
https://twitter.com/#search?q=freewebtown.com
https://twitter.com/#search?q=su1%20exe
http://twitter.com/#search?q=upload2009
http://twitter.com/#search?q=up-00
http://twitter.com/#search?q=arabsh
http://twitter.com/#search?q=Download%20Accelerator%20Plus
http://twitter.com/#search?q=fileave
http://twitter.com/#search?q=anilaali.com
Domain h1.ripway.com
http://www.robtex.com/ip/64.62.181.46.html
64.62.128.0/18
Hurricane Electric 55 South Market St San Jose, CA AS6939
HURRICANE Electric
Malware (a few samples used )
video.xnxx.comvideo61715petite_babe_big_faci.exe
http://virscan.org/report/d7615d0c0d4a6cc91245617662095b62.html
a-squared 5.0.0.11 20100605043517 2010-06-05 Backdoor.Win32.Bifrose!IK 12.027
AVAST! 4.7.4 100605-0 2010-06-05 Win32:VB-OUL [Trj] 0.008
GData 21.297/21.98 20100605 2010-06-05 Win32:VB-OUL [Trj] [Engine:B] 15.672
Ikarus T3.1.01.84 2010.06.05.76004 2010-06-05 Backdoor.Win32.Bifrose 6.630
JiangMin 13.0.900 2010.06.05 2010-06-05 Trojan/Buzus.hlp 2.267
McAfee 5400.1158 6004 2010-06-05 BackDoor-CEP.gen.cb 17.766
Microsoft 1.5802 2010.06.05 2010-06-05 VirTool:Win32/VBInject.gen!CI 6.919
Norman 6.04.12 6.04.00 2010-06-04 W32/VBInject.AS 6.028
Panda 9.05.01 2010.06.05 2010-06-05 Bck/Bifrost.gen 5.889
Quick Heal 10.00 2010.06.05 2010-06-05 Suspicious - DNAScan 1.765
File Name : video.exe
http://virscan.org/report/02e932f4725a22c9301b3db9e8e102c0.html
File Size : 193125 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 2f4f4c151ed20283443e79f5c35f8d45
AntiVir 8.2.2.6 7.10.7.251 2010-06-04 TR/Spy.218394 0.257
McAfee 5400.1158 6004 2010-06-05 BackDoor-CEP.gen.cb 16.025
Panda 9.05.01 2010.06.05 2010-06-05 Bck/Bifrost.gen 1.708
Quick Heal 10.00 2010.06.05 2010-06-05 Suspicious - DNAScan 1.528
VirusBuster 4.5.11.10 10.126.67/2027645 2010-06-06
File Name : mahaaa.exe
http://virscan.org/report/b3835cdc5c45685c1c9350fc1318ef11.html mahaaa.exe
File Size : 230604 byte
MD5 : 079b2752644e75609ef0ba8329fcabb9
SHA1 : 917139aab4bbc51af958a3e03c00dd19c57b7846
a-squared 5.0.0.11 20100605043517 2010-06-05 Backdoor.Win32.Bifrose!IK 0.888
AntiVir 8.2.2.6 7.10.7.251 2010-06-04 TR/Spy.205381.1 0.264
AVAST! 4.7.4 100605-0 2010-06-05 Win32:Spyware-gen [Spy] 0.014
BitDefender 7.90123.6157321 7.32048 2010-06-06 Gen:Trojan.Heur.om2@rT8DpFoaQ 3.957
GData 21.298/21.99 20100605 2010-06-05 Win32:Spyware-gen [Spy] [Engine:B] 7.262
Ikarus T3.1.01.84 2010.06.05.76004 2010-06-05 Backdoor.Win32.Bifrose 6.541
JiangMin 13.0.900 2010.06.05 2010-06-05 Trojan/Buzus.gvi 1.195
McAfee 5400.1158 6004 2010-06-05 BackDoor-CEP.gen.cb 15.966
Panda 9.05.01 2010.06.05 2010-06-05 Bck/Bifrost.gen 1.721
Quick Heal 10.00 2010.06.05 2010-06-05 Suspicious - DNAScan 1.624
Anubis Report 1 Captain.ex.exe
http://anubis.iseclab.org/?action=result&task_id=182f301d06a8b2c74ed26c9817f6a8c48&format=html
Malware TCP traffic to
- 82.137.245.67
Syrian Arab Republic (none) 82.137.192.0/18
STE Public Data Network Backbone and LIR AS29386
STE-AS2 Syrian Telecommunications Establishment
Anubis Report 2 viurgn.com.exe
http://anubis.iseclab.org/?action=result&task_id=1354dfeb3e9278c44a95390c4d036902d&format=html
Malware TCP Traffic to 94.98.220.37:963
http://www.robtex.com/ip/94.98.220.37.html#ip
Hostname: 94.98.220.37.dynamic.saudi.net.sa
ISP: SaudiNet, Saudi Telecom Company
Organization: SaudiNet, Saudi Telecom Company
Country: Saudi Arabia sa flag
State/Region: Ar Riyad
These are some of the accounts as of June 5 and examples of links/posts
xsyria
hxxp://h1.ripway.com/xboldx/Captain.zip قصائد نزار قباني والشاعر عماد السيد لن تروها الا هنا
hxxp://h1.ripway.com/xboldx/Captain.exe لعبة السكس الشهيرة عالميا اصبحت مجانا جربوها ولن تخسروا بل ستربح اللذة
hxxp://h1.ripway.com/xboldx/Captain.exe Game Captain now famous celebrity free Ejreboha will Tkhosro Stervhawwa pleasure, but the truth
w3elly
hxxp://h1.ripway.com/hamadh6200/NasSim_x721x .exe Tool speed up the work of Computer
xxhotgirlxx20
hxxp://h1.ripway.com/sexanal/I%20need%20a%20friend.rar
dofus159
hxxp://h1.ripway.com/ftp/video.xnxx.comvideo61715petite_babe_big_faci.exe
xxhotgirlxx20
hxxp://h1.ripway.com/sexanal/I%20need%20a%20friend.rar
ishq7man
hxxp://h1.ripway.com/ishq7man/Chat%20With%20Girls.exe This programm is easy to use you can chat with any one specially (Girls) With Cam
hamodhay
Be free ardoghan Gazah need you'r help .. setub ardoghan tollbar for help us hxxp://h1.ripway.com/hamodhay/ordo.exe
تحريرا لشعوب غزة ونصر رجب اوردوغان لنوحد شعارنا غزة و اردوغان.. حمل برنامج دعم اردوغان .. hxxp://h1.ripway.com/hamodhay/ordo.rar
bda7
hxxp://h1.ripway.com/abda7/ghost_dz.exe Another version of the solution and the problems of windows XP Abe, Vista program ghost_dz
g0od_b0y
(hxxp://h1.ripway.com/fs0l/Difference.bat } The difference between men and women ...... scientifically
fucksoso
hi am sara and i love sex so much is u wanna know more about me come here hxxp://h1.ripway.com/reem0979/reeeeem.rar we will chatting
fsol_sam
{ hxxp://h1.ripway.com/fs0l/sexy.bat } Games +18
nasser1001
Hello guys Allehaa Turkkm with the download Tvdilo hxxp://h1.ripway.com/vxx9/y1g.com
xxhotgirlxx20
hxxp://h1.ripway.com/sexanal/I%20need%20a%20friend.rar hi
hxxp://h1.ripway.com/sexanal/I%20need%20a%20friend.rar
hxxp://h1.ripway.com/ababneh11/flash%20pic%20for%20mee%20!!.pif
