Author Topic: New Trojan .JS (undetected)  (Read 1990 times)


tranzitwww

  • Guest
New Trojan .JS (undetected)
« on: January 03, 2011, 02:18:18 PM »
Hi,
After searching something on Google I found an old "friend" in 2 new versions :)

Warning: real threat, do not open or download any file from that site!!!
Code:
Filename offer to download "InstallAntivirus2010.exe" URL: "hxxp://hoercerg.co.cc/a031249/get/?v=0&peok=lljkdf34sr5sse&k=8Hfr4It&u=156&t=1"
hxxp://hoercerg.co.cc/a031249/?u=156&t=1

Filename offer to download "avinst_2004_gh5.exe" URL: "hxxp://62f5f.a2agenesecures.com/load/avinst_2004_gh5.exe"
hxxp://ggkfb.a2agenesecures.com/?id=2004&sz=6c00ebfb0&vb=1

And the corrupted site is "dermoscopy.co.uk":
Code:
hxxp://www.google.ro/url?q=http://dermoscopy.co.uk/creekside-img-tool-1.2.1-download/&sa=U&ei=HcQhTcH1AdCfOsLXxZUJ&ved=0CDIQFjAJOAo&usg=AFQjCNFc57Jd82kN45Gxw-fh_3ss8u6-5g

[Edit]
I did some reports as well, and it seems that this one is "brand" new! (Today, 03.01.2011 :) )
http://www.virustotal.com/url-scan/report.html?id=1189aa893792fcf18c4317da21d83383-1294057648

File name: InstallAntivirus2010.exe, Result: 8/42 (19.0%)
http://www.virustotal.com/file-scan/report.html?id=c500bcf869a63cb2db148c09f562bc3595ca470072c47f9bf01890fa1d181c72-1294061302

File name: avinst_2004_gh7.exe, Result: 11/42 (26.2%)
http://www.virustotal.com/file-scan/report.html?id=845cfa3ad9bad97bb04dd81571cc5f1150a25d5f26e9977f066f765d8fe64323-1294032398
« Last Edit: January 03, 2011, 02:45:13 PM by tranzitwww »

Pondus

  • Probably Bot
  • Posts: 37582
  • Not an avast user
Re: New Trojan .JS (undetected)
« Reply #1 on: January 03, 2011, 02:39:44 PM »
« Last Edit: January 03, 2011, 02:47:35 PM by Pondus »