
Our honeypots caught this drive-by download from the following site:

[image: sid]

Looks like another blog… the word ‘porn’ is used, well, abundantly.

The site is registered to some guy in Panama.

[image: tube]

Other domains sharing nameserver:

[image: tube2]

They all point to this fake codec site:

[image: 01]

The malware file, as with many fake codecs, is from exe-xxx-file.com.

A quick VirusTotal analysis reveals that this file is pretty much unknown to most AV vendors:

[image: o2]

If you happen to be infected with that trojan, it will not go unnoticed:

[image: lv]

[image: cof]

[image: cong]

Those links are dangerous; stay away unless you know what you’re doing.

Jerome Segura

Malware ID: 749ebc5c812c3d26022a4df847b11d09.zip
