Author Topic: Trojan not detected at 74 dot 82 dot 193 dot 99

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Trojan not detected at 74 dot 82 dot 193 dot 99
« on: December 27, 2011, 07:16:41 PM »
See: http://www.virustotal.com/url-scan/report.html?id=cd04f398014ec3db98a077b01de2ae08-1325004894
and
http://www.virustotal.com/file-scan/report.html?id=7757319772d502a6fd9694e7087e2a11db0b78904577d04c08fcc055dcfeea3b-1325008596
PDF malware, a trojan, the unit element of a botnet
Hosts...AS15003 hosts
...malicious URLs? Yes 
...badware? Yes 
...exploit servers? Yes 
...Zeus botnet servers? Yes 
...Current Events? Yes 
...spam bots? Yes 
...spam activity? Yes 
See: http://amada.abuse.ch/?search=74.82.193.99
Also see: -http://www.malware.pl/report/74.82.193.99 with Exploit.JS.Pdfka.fjy, BckPbot.B and JS/Exploit.Pdfka.PFU trojan.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Trojan not detected at 74 dot 82 dot 193 dot 99
« Reply #1 on: December 27, 2011, 08:12:35 PM »
Hi Polonus

http://online.us.drweb.com/cache/?i=0c0a3bd3f505636d38905178d420685e

09250.pdf - archive PDF
>09250.pdf probably infected with SCRIPT.Virus
>09250.pdf/FormStream[00000001][000000AB] - archive JS-HTML
>>09250.pdf/FormStream[00000001][000000AB]/JSTAG_1[1e8][16fc4] - Ok
>09250.pdf/FormStream[00000001][000000AB] - Ok
09250.pdf - Ok


Offline polonus

Re: Trojan not detected at 74 dot 82 dot 193 dot 99
« Reply #2 on: December 27, 2011, 10:37:10 PM »
Hi Dim@rik,

DrWeb URL Checker is improving, detecting this as suspicious:

Checking: -http://fdp2.ph
Engine version: 7.0.0.11250
Total virus-finding records: 2477912
File size: 6751 bytes
File MD5: 996b414c14af0215cf11b03cce489b6d

-http://fdp2.ph - archive JS-HTML
>-http://fdp2.ph/JSTAG_1[51f][391] - Ok
>-http://fdp2.ph/JSTAG_2[8db][681] - Ok
>-http://fdp2.ph/JSTAG_3[f91][1ab] - Ok
>-http://fdp2.ph/JSTAG_4[1164][37a] - Ok
>-http://fdp2.ph/JSTAG_5[1506][3a4] - Ok
>-http://fdp2.ph/JSTAG_6[18e4][dd] - Ok
>-http://fdp2.ph/JSTAG_7[19ed][55] - Ok
>-http://fdp2.ph/JSTag_8[8e0][67c] - Ok
>-http://fdp2.ph/JSTag_9[f96][1a6] - Ok
>-http://fdp2.ph probably infected with SCRIPT.Virus
>-http://fdp2.ph/JSTag_10[1169][375] - Ok
>-http://fdp2.ph/JSTag_11[150b][39f] - Ok
-http://fdp2.ph - Ok

Just feed "pid=5POLF2X98" as a Google search query to Google and you will see it is looking up adware "adsph\index" results - these come from a Singapore phish tracker - Metro Manila.
So the suspicious script is an adware phishing script.


polonus
« Last Edit: December 27, 2011, 10:41:18 PM by polonus »