Author Topic: 1centptc.info  (Read 4593 times)

0 Members and 1 Guest are viewing this topic.

December 26, 2008, 11:39:40 pm
Read 4593 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
The URL it loads is;

helinking.cn/nt/index.php

This is loaded in a 1x1 iFrame, and contains one hell of a mess;

http://vurl.mysteryfcm.co.uk/?url=151355

Which eventually decodes to download the payload from;

helinking.cn/nt/load.php?id=4293&spl=4

= /load.exe

Which according to Avira, is the TR/Crypt.XPACK.Gen trojan

It also tries loading a PDF exploit;

helinking.cn/nt/pdf.php?id=4293

= /9415.pdf

Which according to Avira is: EXP/Piedief.CL.1 exploit
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net