Real trojan dropper here?

See: htxp://zulu.zscaler.com/submission/show/e66e15874416bdd9a98f60f30828bb1c-1331837415
See: htxps://www.virustotal.com/file/9adc195082d1bfc59baf5a9036c8c60c8d0325934ab3e356ef853f476e2e20ab/analysis/
Analysis see: hxtp://anubis.iseclab.org/?action=result&task_id=1ce5256b86470a4a4416c834172a11b26
Reported to virus AT avast dot com.

polonus

well…difficult to say since the link is dead http://www.downforeveryoneorjustme.com/http://tube142-hosting.fartit.com/download-id58046/

but from the zulu link it seems there used to be a flash_player.exe there…since the link is dead I guess it was fake :wink:
http://zulu.zscaler.com/submission/show/9f6699a45bbb88611a57ed582c373ac4-1331838890

Hi Pondus,

Some links on that page fartit dot com sure were laden with many malicious scripts, trojans and exploits.

Trying to go there, I get a failure: Name or service not known > resolves to a private IP address →
Accept-Encoding: gzip
GET /submission/show/e66e15874416bdd9a98f60f30828bb1c-1331837415 HTTP/1.0

Received Header Data
HTTP/1.1 403 Forbidden
Date: Thu, 15 Mar 2012 22:08:50 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 336
Connection: close
Content-Type: text/html; charset=iso-8859-1

403 Forbidden

Forbidden

You don't have permission to access /submission/show/e66e15874416bdd9a98f60f30828bb1c-1331837415 on this server.


Apache/2.2.14 (Ubuntu) Server at 127.0.0.1 Port 80

Analysis for fartit dot com found these issues:
This is not encouraging: hxtp://www.mywot.com/en/scorecard/fartit.com?src=addon-popup-donuts
This link there is suspicious: hxtp://www.google.com/safebrowsing/diagnostic?site=http%3A//freeddns.com/
and this outward link is even worse: htxp://www.google.com/safebrowsing/diagnostic?site=http%3A//freetcp.com/
and then there is this link also with malcontent: htxp://www.google.com/safebrowsing/diagnostic?site=freewww.biz

polonus