Milestone Antivirus
20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1307516228
for spoof a referrer if you have firefox: download refspoof here ~ https://addons.mozilla.org/en-us/firefo ... /refspoof/ or RefControl: https://addons.mozilla.org/en-us/firefo ... efcontrol/
In case of refspoof, for make it work with firefox 4.* download the .xpi and rename it to .xpi.rar
Extract the install.rdf, open it with notepad and change the line
print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D
Abuse sent ~ http://www.co.cc/prosecution/prosecution.php
I've ripped the html page of the fake scanner if you guys are interested, btw most interesting fake scanner page i've see for the moment are the security shield one, they use base64 then rsa with a 26 or 27 bits modulo and then again base64, and this just with javascript :D
heavy to load but fun to 'depack'
20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1307516228
for spoof a referrer if you have firefox: download refspoof here ~ https://addons.mozilla.org/en-us/firefo ... /refspoof/ or RefControl: https://addons.mozilla.org/en-us/firefo ... efcontrol/
In case of refspoof, for make it work with firefox 4.* download the .xpi and rename it to .xpi.rar
Extract the install.rdf, open it with notepad and change the line
Code: Select all
by
<em:maxVersion>3.0.*</em:maxVersion>
Code: Select all
After, just repack the file and install.<em:maxVersion>4.*.*</em:maxVersion>
print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D
Abuse sent ~ http://www.co.cc/prosecution/prosecution.php
I've ripped the html page of the fake scanner if you guys are interested, btw most interesting fake scanner page i've see for the moment are the security shield one, they use base64 then rsa with a 26 or 27 bits modulo and then again base64, and this just with javascript :D
heavy to load but fun to 'depack'
Attachments
pwd: xylibox
(146.53 KiB) Downloaded 76 times
(146.53 KiB) Downloaded 76 times
pwd: infected
(2.16 MiB) Downloaded 85 times
(2.16 MiB) Downloaded 85 times
Last edited by EP_X0FF on Mon Oct 31, 2011 6:55 am, edited 1 time in total.
Reason: title edited