After promoting some spyware and other rogue security software, now this is another list of compromised websites all with obfuscated javascript code inserted which result in:
hxxp://94.247.2.195/news/?id=100
(Analysis)
which call
hxxp://94.247.2.195/news/?id=2
and download a PDF with a random name QRB.pdf, WXk.pdf ...
File size: 10417 bytes
MD5: af28f3bc9424a3da7ff8bc84740bce93
VirusTotal Analysis: 0/40 (0%)
when running it load
hxxp://94.247.2.195/news/?id=10&
hxxp://94.247.2.195/news/?id=100
(Analysis)
which call
hxxp://94.247.2.195/news/?id=2
and download a PDF with a random name QRB.pdf, WXk.pdf ...
File size: 10417 bytes
MD5: af28f3bc9424a3da7ff8bc84740bce93
VirusTotal Analysis: 0/40 (0%)
when running it load
hxxp://94.247.2.195/news/?id=10&
Read the full article
http://malware-web-threats.blogspot.com/2009/04/black-hat-seo-and-rogue-antivirus-p5.html
No comments:
Post a Comment