Author Topic: systemprotect-zone.net and securityearth.cn (Read 3775 times)

eoin.miller · October 20, 2009, 09:19:58 pm

FakeAV:
http://systemprotect-zone.net/build6_213.php?cmd=getFile&counter=43&p=WKmimHVmaWyHjsbIo22EeXZe0KCfZlbVoKDb2YmHWJjOxaCbkX1%2Ba16orKWekJXIZWhimmVummWIo6THodjXoGJdpqmikpVuZ21uaW9mb1%2FEkKE%3D

Virustotal:
http://www.virustotal.com/analisis/0d0042bd45932e55d6d8e5c1bf9c44b83ef6b5c2dfd376a0720a5a2b5602e609-1256072897
File 2-6-4_app_1.octetstream received on 2009.10.20 21:08:17 (UTC)
Result: 3/41 (7.32%)

Infected host makes tons of posts to:
securityearth.cn/Reports/MicroinstallServiceReport.php

and gets to:
update2.windowsenterprisedefender.com (already in MDL list)
update1.windowsenterprisedefender.com (already in MDL list)

Author Topic: systemprotect-zone.net and securityearth.cn (Read 3775 times)

eoin.miller

systemprotect-zone.net and securityearth.cn