New Trojan .JS (undetected)

system · January 3, 2011, 1:18pm

Hi,
After searching something on Google I found a old “friend” in 2 new versions

Warning real threat, do not open or download any file from that site!!!


Filename offer to download "InstallAntivirus2010.exe" URL: "hxxp://hoercerg.co.cc/a031249/get/?v=0&peok=lljkdf34sr5sse&k=8Hfr4It&u=156&t=1"
hxxp://hoercerg.co.cc/a031249/?u=156&t=1

Filename offer to download "avinst_2004_gh5.exe" URL: "hxxp://62f5f.a2agenesecures.com/load/avinst_2004_gh5.exe"
hxxp://ggkfb.a2agenesecures.com/?id=2004&sz=6c00ebfb0&vb=1

And the corrupted site is “dermoscopy.co.uk”:


hxxp://www.google.ro/url?q=http://dermoscopy.co.uk/creekside-img-tool-1.2.1-download/&sa=U&ei=HcQhTcH1AdCfOsLXxZUJ&ved=0CDIQFjAJOAo&usg=AFQjCNFc57Jd82kN45Gxw-fh_3ss8u6-5g

[Edit]
I done some reports as well, and seems that this one it “brand” new! (Today, 03.01.2011 )
http://www.virustotal.com/url-scan/report.html?id=1189aa893792fcf18c4317da21d83383-1294057648

File name: InstallAntivirus2010.exe, Result:8/42 (19.0%)
http://www.virustotal.com/file-scan/report.html?id=c500bcf869a63cb2db148c09f562bc3595ca470072c47f9bf01890fa1d181c72-1294061302

File name: avinst_2004_gh7.exe, Result:11/42 (26.2%)
http://www.virustotal.com/file-scan/report.html?id=845cfa3ad9bad97bb04dd81571cc5f1150a25d5f26e9977f066f765d8fe64323-1294032398

Pondus · January 3, 2011, 1:39pm

VirusTotal - InstallAntivirus2010.exe - 8/43
http://www.virustotal.com/file-scan/report.html?id=065f553a77a8edbd2f61043593220bc618e4ba323aacff3907f68cb018272942-1294061949

Sample is sendt avast!

New Trojan .JS (undetected)

Announcements