Hi forum friends,
See: http://www.virustotal.com/url-scan/report.html?id=7cdd003f9a193779682674ea27d5ea67-1323695329 and: http://www.virustotal.com/file-scan/report.html?id=4a5e25bedaf85f6cb26454e52c83706e7bb307b060c5e80dd5f35c3062c6ba7b-1323699090 See: Togglevirusname: mdl_Blackhole exploit kit to unknown_html_RFI RIPE AZ vugar at kouliyev dot com 78.111.51.119 to 78.111.51.119 bij dot pl -http://sitemoved.bij.pl/main.php?page=e71ba5a840b27af9 See: http://urlquery.net/queued.php?id=11398 Anubis analysis: http://anubis.iseclab.org/?action=result&task_id=1f9bfa164fc53853401db8ce9158e0af0 has process name process WDUF49AN\main[1].php =Trojan SpyEye to steal bank accounts
polonus
Nice work!