Author Topic: Trojan/Bancos more domains  (Read 3277 times)


April 07, 2011, 01:15:34 pm

rawdata

Code:
http://ellib.gpntb.ru/subscribe/web.php

http://220.135.213.248/aspnet_client/system_web/JAVA/index.htm
This is a trojan/Downloader which, after being run, downloads files from:
Code:
http://www.neslhk.com/fotogalerie/images/writable_false_up.gif (89.187.133.101)
http://ellib.gpntb.ru/subscribe/array.gif
http://ellib.gpntb.ru/subscribe/corporate.gif


April 08, 2011, 10:00:38 am
Reply #1

rawdata

Same trojan, new hosting

Code:
http://ellib.gpntb.ru/subscribe/host.php (193.233.14.8)
This redirects to:
Code:
http://220.149.46.53/sosic/index1.htm
which is a fake web page linking to a Trojan downloader

All the same after this new step