« previous next »
Pages: [1]   Go Down

Author Topic: cityofalexander.org/ - FakeAV  (Read 3340 times)

0 Members and 1 Guest are viewing this topic.

August 19, 2009, 08:25:21 pm
Read 3340 times

eoin.miller

  • Sr. Member
  • Offline
  • ****
  • 179
cityofalexander.org/ - FakeAV
http://www.cityofalexander.org/images/install.exe - TrojanDownlader/FakeAV
VirusTotal analysis for above binary:
http://www.virustotal.com/analisis/60c154a9e22d605a7ddb958557f4d9f62a1eb46ad8cfb6f2c4c372a9d1fcc9a9-1250681633

http://core2606.sviniakopilka.com/d_install_all.cgi?host=domain_for_advare&id=2606 - FakeAV (Windows AntiVirus Pro)
VirusTotal analysis for above binary:
http://www.virustotal.com/analisis/65921629041ccf178ef70b5239c4cf64d9c6c99a4dce1e1e3438931ff65f4871-1250694970

http://core2606.sviniakopilka.com/d_program_all.cgi?host=host&id=2606 - FakeAV (Windows AntiVirus Pro)
http://www.virustotal.com/analisis/3f1ea1d6b29b2a3797766223186cb91d301c3241da7ca988e28987829a7ed194-1250693056


After this, the programs start loading content from join2606.safebilling-2.com:
http://join2606.safebilling-2.com/signup.cgi?ver=3&aff=2606


Saw this sites getting contacted by Win32.Cryptor infected hosts.
Logged
Pages: [1]   Go Up
« previous next »