Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 3 April 2009

Black Hat SEO planting trojans p.5

After promoting some spyware and other rogue security software, now this is another list of compromised websites all with obfuscated javascript code inserted which result in:

hxxp://94.247.2.195/news/?id=100
(Analysis)

which call

hxxp://94.247.2.195/news/?id=2

and download a PDF with a random name QRB.pdf, WXk.pdf ...

File size: 10417 bytes
MD5: af28f3bc9424a3da7ff8bc84740bce93

VirusTotal Analysis: 0/40 (0%)

when running it load

hxxp://94.247.2.195/news/?id=10&


Read the full article
http://malware-web-threats.blogspot.com/2009/04/black-hat-seo-and-rogue-antivirus-p5.html

No comments: