Author Topic: Mebroot distribution by Virut  (Read 3161 times)


December 15, 2009, 11:19:13 pm

SysAdMini

Today our member crunchtime has reported a Virut sample

http://www.malwaredomainlist.com/forums/index.php?topic=3610.0

that downloads a file from:

hxxp://maxdomzhit.com/file.exe.

I checked the file and was surprised. It is a sample of the infamous Mebroot.
This distribution method is unusual, because Mebroot uses dedicated infection domains running Neosploit for its deployment.

I have found other ThreatExpert reports that show similar cases.

http://www.threatexpert.com/report.aspx?md5=65ea82813ea518fa085d18dad4782363
http://www.google.com/search?hl=en&source=hp&q=site%3Athreatexpert.com+%2Bmaxdomzhit.com

Ruining the bad guy's day

March 25, 2010, 08:39:46 pm
Reply #1

SysAdMini

Found another TE report of a Virut sample which spreads Mebroot and Zeus.

http://www.threatexpert.com/report.aspx?md5=78dfac426b260a7f0fc1b42235112b72

Mebroot URL is:

frensomo.com/ld/jagr/jagr.bzz