Author Topic: Windows Protection Suite  (Read 4572 times)


August 26, 2009, 06:53:23 pm


Once installed, malware calls home to

Code:
User-Agent: Mozilla/3.0 (compatible; TALWinInetHTTPClient)
Accept: text/html, */*
Proxy-Connection: Keep-Alive

Response back includes domains to talk to:
Code:



Also contacts to produce html/image content for the fraud payment site:

Fraudulent payment processing is handled by,WIPS_EN_00,WIPS_EN_01,ACTF_EN,EDS_EN_S&sku_checked=1&nid=15edf56585c7bc5a46d843def95b7c48&affid=7&lid=wvXP;b_Unknown;1;11011;0;0;-1;10

Some of the domains are in the MDL, but the following domains are not and should be considered for being added to MDL:
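
A proxy-side check for the request headers quoted in the post, as an added example that is not part of the original post: it flags requests carrying the reported User-Agent, lists which of the three quoted headers matched, and extracts the `affid`, `nid` and `lid` parameters seen in the payment URL. The hosts, paths, the `nid` value in the sample and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Header values quoted in the post for the call-home request (compared lower-cased).
FINGERPRINT = {
    "user-agent": "mozilla/3.0 (compatible; talwininethttpclient)",
    "accept": "text/html, */*",
    "proxy-connection": "keep-alive",
}

def parse_request(raw):
    """Return (target, headers) for one raw HTTP request; header names lower-cased."""
    lines = raw.strip().splitlines()
    parts = lines[0].split()
    target = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = " ".join(value.split())
    return target, headers

def matched_headers(raw):
    """List the fingerprint headers whose value matches, ignoring case and extra spaces."""
    _, headers = parse_request(raw)
    return [n for n, v in FINGERPRINT.items() if headers.get(n, "").lower() == v]

def is_call_home(raw):
    """Require the User-Agent; Accept and Proxy-Connection alone are too common."""
    return "user-agent" in matched_headers(raw)

def tracking_fields(raw, wanted=("affid", "nid", "lid")):
    """Pull the affiliate/tracking parameters seen in the payment URL out of a request."""
    target, _ = parse_request(raw)
    fields = {}
    for pair in urlsplit(target).query.split("&"):  # split on '&' only: lid contains ';'
        key, _, value = pair.partition("=")
        if key in wanted:
            fields[key] = value
    return fields

# Constructed sample requests; hosts, paths and the nid value are placeholders.
SAMPLES = [
    "GET /placeholder HTTP/1.1\nHost: c2.example\nUser-Agent: Mozilla/3.0 (compatible; TALWinInetHTTPClient)\nAccept: text/html, */*\nProxy-Connection: Keep-Alive\n",
    "GET /pay?sku_checked=1&nid=0000&affid=7&lid=wvXP;b_Unknown;1 HTTP/1.1\nHost: pay.example\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\nAccept: */*\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(is_call_home(raw), matched_headers(raw), tracking_fields(raw))
```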