The URL it loads is;
helinking.cn/nt/index.php
This is loaded in a 1x1 iFrame, and contains one hell of a mess;
http://vurl.mysteryfcm.co.uk/?url=151355Which eventually decodes to download the payload from;
helinking.cn/nt/load.php?id=4293&spl=4
= /load.exe
Which according to Avira, is the TR/Crypt.XPACK.Gen trojan
It also tries loading a PDF exploit;
helinking.cn/nt/pdf.php?id=4293
= /9415.pdf
Which according to Avira is: EXP/Piedief.CL.1 exploit
Topic: 1centptc.info (Read 5247 times)
