Kronos

See: https://www.virustotal.com/nl/url/7ab1deb888043f699a409bffdb5b8f895c04f828fc9b415ca05c317478721502/analysis/1407264216/
three flag. 192.154.110.232 unble to scan site, unable to connect.
Detected and IDS alert: http://urlquery.net/report.php?id=1407264392211
“ET INFO HTTP Connection To DDNS Domain Myvnc dot com”
IP badness history: https://www.virustotal.com/nl/ip-address/192.154.110.232/information/
Kronos spreading through malvertising via malicious dynamic dns.

polonus