To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Live malware URL.  Wachovia "phish" page (not really):

h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/verify.html?/Secure/rnalid/OSL.htm?LOB=3712470458&refer=qVciirbTe9Vjbqe

...trying to con victims into d/l'ing:
h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/WachoviaDigicertx_509.exe

...which is, itself, a binary downloader that snags:

h ttp://s pacestormsinc.com/cb_4.exe

It's one of those bogus "to improve security of your online transactions with us you need to install new certificates" lures.

As to AV detection... cb4.exe already submitted to VT by someone else, so that's easy:

http://www.virustotal.com/analisis/26917950a0987fc0a10505bb90032439

And the .EXE from the website:
http://www.virustotal.com/analisis/a5cd05390c94eee03b8fb78feb7ddf42

VERY spotty detection.. what else is new.

        Gadi.
_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
