Author Topic: And more Trojan/Bancos  (Read 3413 times)

March 24, 2011, 11:14:38 am

rawdata

The site is hosted at:
Code:
http://210.18.21.12.sify.net/images/view.asp?4959322000000 (210.18.21.12)
This redirects to:
Code:
http://70.168.253.213/includes/DOC2421995221142442.exe
This is a Trojan/Downloader, which after being run downloads files from:
Code:
http://www.neslhk.com/obr/biling/a.gif
http://www.neslhk.com/obr/biling/b.gif
http://www.neslhk.com/obr/biling/li.gif
The following requests for this trojan are returning 404:
Code:
http://www.naturesunshinegt.com/plugins/system/legacy/wab.php
http://www.colegiometas.com.br/hwid.ini

A fake receipt is stored at:
Code:
http://70.46.79.251/PSP/PSP/comprovativo.html

March 30, 2011, 02:50:24 am
Reply #1

volksjaeger

Trojan:
Code:
www.controlacnenow.com/?p=3437
JS/Clicker.CA
JS/Downloader.Agent
TrojanClicker:HTML/Iframe.J
http://www.virustotal.com/file-scan/report.html?id=10de2ff2f02348192b7696ce4c9b563045a1a5a79a80653b082ccce142a031db-1301452951