New ad-clicker Trojan

June 30th, 2009

Our Honeypots caught this drive-by download from the following site:

Looks like another blog… the word ‘porn’ is used, well, abundantly.

The site is registered to some guy in Panama.

Other domains sharing nameserver:

They all point to this fake codec site:

The malware file, as with many fake codecs is from exe-xxx-file.com.

A quick Virus Total analysis reveals that this file is pretty much unknown to most AV vendors:

If you happen to be infected with that Trojan, it will not go un-noticed:

Those links are dangerous, stay away unless you know what you’re doing.

Jerome Segura

Malware ID: 749ebc5c812c3d26022a4df847b11d09.zip

This entry was posted on Tuesday, June 30th, 2009 at 4:54 pm and is filed under Fake codecs. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments:

(0) comments
|
Add your comments