
Our honeypots caught this drive-by download from the following site:

[Image: sid]

Looks like another blog… the word ‘porn’ is used, well, abundantly.

The site is registered to some guy in Panama.

[Image: tube]

Other domains sharing nameserver:

[Image: tube2]

They all point to this fake codec site:

[Image: 01]

The malware file, as with many fake codecs, is from exe-xxx-file.com.

A quick VirusTotal analysis reveals that this file is pretty much unknown to most AV vendors:

[Image: o2]

If you happen to be infected with that trojan, it will not go unnoticed:

[Image: lv]

[Image: cof]

[Image: cong]

Those links are dangerous, stay away unless you know what you’re doing.

Jerome Segura

Malware ID: 749ebc5c812c3d26022a4df847b11d09.zip
