Hi forum friends,
The specific kit involved is called Crimepack, as they so helpfully included in their exploit code, see attached, to achieve the browser-exploit kit interaction. Maybe there is a connection to Zbot infection or Trojan-downloader Java infection, as they seem to use a number of random 8-bit characters, used in massive phishing campaigns. Should avast flag such code?
Binaries analyzed here:
http://anubis.iseclab.org/?action=result&task_id=1102421ddeae08c6441a3d902b8e74b48
polonus
Pondus
3
Hi Pondus,
Thank you, so we are protected against JS:Downloader-ABU [Trj] by avast,
polonus