Malware Domain List

Malware Related => Malicious Domains => Topic started by: MysteryFCM on December 26, 2008, 11:39:40 pm

Title: 1centptc.info
Post by: MysteryFCM on December 26, 2008, 11:39:40 pm
The URL it loads is:

helinking.cn/nt/index.php

This is loaded in a 1x1 iFrame, and contains one hell of a mess:

http://vurl.mysteryfcm.co.uk/?url=151355

Which eventually decodes to download the payload from:

helinking.cn/nt/load.php?id=4293&spl=4

= /load.exe

Which, according to Avira, is the TR/Crypt.XPACK.Gen trojan.

It also tries loading a PDF exploit:

helinking.cn/nt/pdf.php?id=4293

= /9415.pdf

Which, according to Avira, is the EXP/Piedief.CL.1 exploit.
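
The 1x1 iFrame described in the post is something a site owner or crawler can check for in saved page source. The following is an added example, not part of the original post: the sample HTML is constructed (only the helinking.cn URL and the 1centptc.info host come from the post; ads.example and video.example are placeholders), and the 2-pixel threshold is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_HIDDEN_PX = 2  # assumption: frames this small are invisible to the visitor

def _size(attrs, style, prop):
    """Pixel size from the attribute ('1', '1px') or inline CSS; None if absent or relative."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attrs.get(prop, ""))
    m = m or re.search(r"(?:^|;)\s*" + prop + r"\s*:\s*(\d+)\s*px", style)
    return int(m.group(1)) if m else None

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower()
        w, h = _size(a, style, "width"), _size(a, style, "height")
        tiny = w is not None and h is not None and max(w, h) <= MAX_HIDDEN_PX
        hidden = bool(re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style))
        # A relative src has no hostname and is treated as same-origin.
        host = (urlparse(a.get("src", "")).hostname or self.page_host).lower()
        if (tiny or hidden) and host != self.page_host:
            self.findings.append({"src": a.get("src", ""), "host": host,
                                  "width": w, "height": h, "css_hidden": hidden})

def find_hidden_iframes(html, page_host):
    """Return invisible iframes in `html` whose src points off `page_host`."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: one frame as the post describes it, plus three controls.
SAMPLE_HTML = """<iframe src="http://helinking.cn/nt/index.php" width="1" height="1"></iframe>
<iframe src="/banner.html" width="1" height="1"></iframe>
<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>
<IFRAME SRC="http://ads.example/x" STYLE="width:0px; height:0px"></IFRAME>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE_HTML, "1centptc.info"):
        print(finding)
```

This only inspects static markup; a frame written into the page by script at load time will not appear in the saved source and needs a rendered DOM to find.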