Site ‘Under construction’ hosts malware
Our honeypots caught the following site: dataprovedor.com.
Is this site really under construction? It looks like some kind of web portal.
Regardless, let’s get to the subject that got us here in the first place: The malware.
In a subdirectory called images you can see two files: one is an exe, the other a PHP file which redirects to the exe.
I found it rather smart that the file name for the exe is in the form of DSCXXXXX. For those who own a Sony camera (or possibly other Sony products), this is the default name under which images are saved.
So, one bonus point for the social engineering trick.
The time stamp also indicates that those files have been uploaded recently, to what I think is a hacked server.
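The layout described above (an executable with a camera-style name inside an images directory, plus a PHP file that redirects to it) can be checked for from the server side. The following is an added example, not code from the original post; the `DSC` plus digits pattern, the extension list and the `header("Location: ...")` redirect form are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

# Assumptions for this sketch: a camera-style stem is "DSC" plus digits (the page
# shows DSCXXXXX) and the PHP redirect is a header("Location: ...") call.
CAMERA_STEM = re.compile(r"^DSC[_-]?\d{4,6}$", re.IGNORECASE)
EXE_EXT = (".exe", ".scr", ".pif")
PHP_REDIRECT = re.compile(rb"header\s*\(\s*['\"]Location:[^'\"]*\.(?:exe|scr|pif)['\"]", re.I)

def audit_file(path):
    """Return the findings for one file under a web-served directory."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    with open(path, "rb") as fh:
        head = fh.read(65536)
    findings = []
    if head[:2] == b"MZ":  # DOS/PE executables start with "MZ" whatever the name
        findings.append("pe-header")
    if CAMERA_STEM.match(stem) and ext in EXE_EXT:
        findings.append("camera-name-executable")
    if ext == ".php" and PHP_REDIRECT.search(head):
        findings.append("php-redirect-to-executable")
    return findings

def audit_tree(root):
    """Walk root; return {relative path: findings} for flagged files only."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            found = audit_file(full)
            if found:
                report[os.path.relpath(full, root).replace(os.sep, "/")] = found
    return report

def demo():
    """Audit a constructed images/ directory (all file contents are made up)."""
    sample = {
        "DSC00123.exe": b"MZ\x90\x00 constructed stub, not a real binary",
        "view.php": b"<?php header('Location: DSC00123.exe'); ?>",
        "DSC00124.jpg": b"\xff\xd8\xff\xe0 constructed JPEG header",
        "logo.png": b"MZ constructed: executable bytes behind an image extension",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "images"))
        for name, data in sample.items():
            with open(os.path.join(root, "images", name), "wb") as fh:
                fh.write(data)
        return audit_tree(root)
```

Checking the first bytes as well as the name matters because the same executable can be renamed to an image extension, which the name rule alone would miss.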
The online file checker Jotti reveals that the file may be part of the Banload Trojan family, but is poorly detected at the time of writing.
Jerome Segura
Malware ID: 2b65626b2442521307d68a53c0b5e6aa.zip







