some FB shared malware.


evaluator
February 18th, 2014, 10:39
some hot link was shared on FB:

http://tiny.cc/nt7ebx#UZwLn=Avier

goes to

http://www.fileshareservices.net/ads21.html?ref=1702&aff_sub=1702&sub_id=1702

P.S. I did not run it myself yet

EDIT update:
I ran this in a VM and it downloaded some other .NET runtime thingies..

password: malware

wbe
February 18th, 2014, 16:29
FB is the root of all eval, ...erm, evil.

P.S.: Guncelle=Update in TR. Fancy that, looks like some compatriot has been involved in spreading malware.

evaluator
February 19th, 2014, 11:28
do you mean, it is NOT malware??
and 34 of 50 AV are wrong?
https://www.virustotal.com/en/file/42aff123de91c0ae75ab544aa0a87e047277ca725e3e42e97cfa36e71ba80fd9/analysis/

Woodmann
February 19th, 2014, 22:39
He's saying it is malware with some info included that indicates someone from his country is involved.

Woodmann

malice
March 17th, 2014, 01:07
The piece you attached is a very simplistic downloader, probably written by a teenager. It achieves persistence via registry, then connects to http://www.fileshareservices.org/extFiles/control409.txt to get the URL for another file, which it then downloads and executes. Presently the file control409.txt does not exist at fileshareservices.org though, so the malware is basically harmless until someone creates it.

evaluator
March 17th, 2014, 08:03
well, on that day I downloaded more than 2mb of other .NET executables, then deleted those.. did not want to keep such trash even in thread..