Trojan not detected at 74 dot 82 dot 193 dot 99

See: http://www.virustotal.com/url-scan/report.html?id=cd04f398014ec3db98a077b01de2ae08-1325004894
and
http://www.virustotal.com/file-scan/report.html?id=7757319772d502a6fd9694e7087e2a11db0b78904577d04c08fcc055dcfeea3b-1325008596
PDF malware, a trojan, the unit element of a botnet
Hosts…AS15003 hosts
…malicious URLs? Yes
…badware? Yes
…exploit servers? Yes
…Zeus botnet servers? Yes
…Current Events? Yes
…spam bots? Yes
…spam activity? Yes
See: http://amada.abuse.ch/?search=74.82.193.99
also see: -http://www.malware.pl/report/74.82.193.99 with Exploit.JS.Pdfka.fjy, BckPbot.B and JS/Exploit.Pdfka.PFU trojan,

polonus

Hi Polonus

http://online.us.drweb.com/cache/?i=0c0a3bd3f505636d38905178d420685e

09250.pdf - archive PDF

09250.pdf probably infected with SCRIPT.Virus
09250.pdf/FormStream[00000001][000000AB] - archive JS-HTML

09250.pdf/FormStream[00000001][000000AB]/JSTAG_1[1e8][16fc4] - Ok
09250.pdf/FormStream[00000001][000000AB] - Ok
09250.pdf - Ok

Hi Dim@rik,

DrWeb URL Checker is improving detecting this as suspicious:

Checking: -http://fdp2.ph
Engine version: 7.0.0.11250
Total virus-finding records: 2477912
File size: 6751 bytes
File MD5: 996b414c14af0215cf11b03cce489b6d

-http://fdp2.ph - archive JS-HTML

-http://fdp2.ph/JSTAG_1[51f][391] - Ok
-http://fdp2.ph/JSTAG_2[8db][681] - Ok
-http://fdp2.ph/JSTAG_3[f91][1ab] - Ok
-http://fdp2.ph/JSTAG_4[1164][37a] - Ok
-http://fdp2.ph/JSTAG_5[1506][3a4] - Ok
-http://fdp2.ph/JSTAG_6[18e4][dd] - Ok
-http://fdp2.ph/JSTAG_7[19ed][55] - Ok
-http://fdp2.ph/JSTag_8[8e0][67c] - Ok
-http://fdp2.ph/JSTag_9[f96][1a6] - Ok
-http://fdp2.ph probably infected with SCRIPT.Virus
-http://fdp2.ph/JSTag_10[1169][375] - Ok
-http://fdp2.ph/JSTag_11[150b][39f] - Ok
-http://fdp2.ph - Ok

Just feed “pid=5POLF2X98” as a google search query to google and you will see it is looking up adware “adsph\index” results - these come from a Singapore phish tracker - Metro Manilla,
So the suspicious script is an adware Phishing Script,

polonus