A malware sample which I came across recently. It's in the phishing banker category.
Details of my research are as follows:
MD5: 466688E7B5849F4BED92F98B4F99042A
SHA1: 46167CBB9D1C37497B1C0CF87877D945D9D26C83
VT results for the file: http://www.virustotal.com/file-scan/report.html?id=9a3424836e5798698c5b50f1872846cddb041f391d228dc2f4d8cce722b2d55c-1315893017
This malware changes the automatic proxy configuration URL without user consent in all browsers (IE9, the latest version of Firefox, Google Chrome, etc.) to: HXXP://micro.asfsecure.com/kb971033.php
The link is not active, but records of previous visits state that it was a script which redirects to a fake banking site instead of the legitimate one (the sites are mentioned in the script).
Type:REG_SZ
Data:http://micro.asfsecure.com/kb971033.php
Post made by
newworld
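A check for the change described in the post, as an added example that is not part of the original post: it pulls the configured proxy auto-config (PAC) URL from `reg query` output and from a Firefox `prefs.js`, and reports any whose host is not on an allowlist. It assumes the REG_SZ value the post lists is `AutoConfigURL` under the per-user Internet Settings key; the sample inputs, host names and allowlist are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed samples (not from the analysed file). The first mimics the output of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
REG_QUERY_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    AutoConfigURL    REG_SZ    http://pac.unknown-host.example/kb.php
"""
FIREFOX_PREFS = '''
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://pac.unknown-host.example/kb.php");
'''
ALLOWED_PAC_HOSTS = {"wpad.corp.example"}  # hypothetical allowlist of known-good PAC hosts

REG_RE = re.compile(r"^\s*AutoConfigURL\s+REG_SZ\s+(\S+)", re.M | re.I)
FF_TYPE_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d+)\)')
FF_URL_RE = re.compile(r'user_pref\("network\.proxy\.autoconfig_url",\s*"([^"]*)"\)')

def pac_urls(reg_text, prefs_text):
    """Return (source, url) for each PAC URL that is actually in effect."""
    found = [("registry (IE/Chrome)", u) for u in REG_RE.findall(reg_text)]
    # Firefox only honours autoconfig_url when network.proxy.type is 2 (PAC).
    ptype = FF_TYPE_RE.search(prefs_text)
    if ptype and ptype.group(1) == "2":
        found += [("firefox prefs.js", u) for u in FF_URL_RE.findall(prefs_text) if u]
    return found

def suspicious(found, allowed_hosts):
    """Keep entries whose host is not allowlisted; file:// PACs have no host and are kept."""
    flagged = []
    for source, url in found:
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            flagged.append((source, url, host))
    return flagged

if __name__ == "__main__":
    hits = suspicious(pac_urls(REG_QUERY_OUTPUT, FIREFOX_PREFS), ALLOWED_PAC_HOSTS)
    for source, url, host in hits:
        print(f"unexpected PAC URL in {source}: {url} (host: {host or 'none/local file'})")
```
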