Author Topic:  (Read 5247 times)

0 Members and 1 Guest are viewing this topic.

December 26, 2008, 11:39:40 pm
Read 5247 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
The URL it loads is;

This is loaded in a 1x1 iFrame, and contains one hell of a mess;

Which eventually decodes to download the payload from;

= /load.exe

Which according to Avira, is the TR/Crypt.XPACK.Gen trojan

It also tries loading a PDF exploit;

= /9415.pdf

Which according to Avira is: EXP/Piedief.CL.1 exploit

Steven Burn
I.T. Mate / hpHosts /