To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- > smart.exe extracts the following files to to c:\Windows\tok (scanned with > AntiVir) > > mc-110-12-0000336.exe (DR/Dldr.NSIS.Agent.P.1) > smart.exe (?) > yaz.exe (TR/LowZones.CR.2) > zan.exe (TR/LowZones.CR.3) > run.bat > > I don't know yet what the unpacked smart.exe does. > > nick.. >
probably where the *profits* figure in .... the extracted smart.exe is a small VB downloader program, digitally signed by E.C.S. International, certificated issued by Thawte. downloads a bunch of files http:// promo. dollarrevenue.com/ bundle/drsmartload.exe http:// promo. dollarrevenue. com/ bundle/[EMAIL PROTECTED]&id=195 http:// promo. dollarrevenue. com/ bundle/[EMAIL PROTECTED]&id=195 http:// promo. dollarrevenue. com/ bundle/[EMAIL PROTECTED] the smartload.asp?**** are files containing a list of files, presumably to be donwloaded (yeah, more malware, poor user) http:// content.dollarrevenue. com/ newname6.exe http:// content.dollarrevenue. com/ keyboard6.exe http:// content.dollarrevenue. com/ mousepad6.exe http:// content.dollarrevenue. com/ sk02.exe http:// www. onli-ne. com/app/ADDR/ Installer.exe the "dollarrevenue. com" in the URL just screams of "spyware" _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
