MalwareMustDie

#Hint-1 11thWeek Crusade | TDS Sutra leads

Nov 16th, 2012
=======================================
#MalwareMustDie | Fri Nov 16 20:57:41 JST 2012
Week 11th since the first Crusade
Hint #1 - TDS Sutra leads
=======================================

The angel hinted the clue on:

----example------

One url i.e.:
h00p://azbuka001.pro/flow5.php

will open 7 iframers... to:
IFRAME: h00p://azbuka001.pro/flow1.php
IFRAME: h00p://azbuka001.pro/flow2.php
IFRAME: h00p://azbuka001.pro/flow3.php
IFRAME: h00p://azbuka001.pro/flow4.php
IFRAME: h00p://azbuka001.pro/flow5.php
IFRAME: h00p://azbuka001.pro/flow6.php
IFRAME: h00p://azbuka001.pro/flow7.php

They lead to: IFRAME: h00p://reservedir001.ru/tds/in.cgi?default <=== evil enough for the further investigation

quest targets = latest threat uptime status, payload, EK name, CnC.

----
#MalwareMustDie