Author Topic: someone know this malware  (Read 4880 times)

0 Members and 1 Guest are viewing this topic.

February 09, 2009, 10:00:42 am
Read 4880 times

sualck

  • Newbie

  • Offline
  • *

  • 6

February 09, 2009, 11:20:39 am
Reply #1

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Getting a 404 for that?
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 09, 2009, 11:25:46 am
Reply #2

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Likely fake, but posting for clarity

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.7 Results
Source code for: http://wii.per-line.cn/
Server IP: 117.25.128.12 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: TeMerc Internet Countermeasures (US)
Date: 09 February 2009
Time: 11:20:01:20
*****************************************************************
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Suspended</title>
<style type="text/css">
<!--
body { font-family: Tahoma, Arial, Helvetica, sans-serif;}
.style1 {color: #FF0000; font-size:24px; font-weight:bold; text-align: center;}
.style2 {color: #000000; font-size:16px; font-weight:bold; text-align: center;}
-->
</style>
</head>

<body><br />
<div style="text-align:center">
<span class="style1">Account Suspended</span><br /><br /><br />
<span class="style2">This account has been supended for Terms of Service Violations.<br />
 The account owner has been informed regarding this.</span>

</div>
</body>
</html>
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

February 09, 2009, 11:37:04 am
Reply #3

sualck

  • Newbie

  • Offline
  • *

  • 6
I get the attached file

February 09, 2009, 12:39:22 pm
Reply #4

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
This is dropper for spy(bho)/downloader trojan.