Banking trojans served on Google Code

MalwareMustDie, Mar 16th, 2014
// #MalwareMustDie! $ date
Mon Mar 17 05:32:01 JST 2014
// Banking trojans served on Google Code:

Callback: http://www.paineispanorama.com/geral/mail/leksverstel.zip
In: Mon Mar 17 05:29:03 JST 2014|188.93.230.31|iberweb22a.ibername.com.|8426 | 188.93.224.0/21 | CLARANET | PT | CLARA.NET | CLARANET PORTUGAL TELECOMUNICACOES S.A.

HTTP Request:
GET /geral/mail/leksverstel.zip HTTP/1.1
User-Agent: rundll32.exe                        <==== to #BLOCK
Host: www.paineispanorama.com

^@unixfreaxjp $ date
Mon Mar 17 05:32:01 JST 2014