A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #14458  by rkhunter
 Thu Jul 05, 2012 8:47 pm
Waves97 wrote: And the next sample of this malware :)
Delphi...

Name - GBot
My name is "G-Bot" or "GBot"!
Copies itself to C:\WINDOWS\WinUpdaterstd\svchost.exe
Autorun from: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\WinUpdaterstd
POST / HTTP/1.1
Host:
User-Agent:
Referer:
Content-Type: application/x-www-form-urlencoded
Content-Length:
Connection: close
Mozilla/5.0 (Linux; U; Android 1.6; en-us; eeepc Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1
Mozilla/5.0 (Linux; U; Android 2.1-update1; ru-ru; GT-I9000 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17
Mozilla/5.0 (Linux; U; Android 2.2; ru-ru; GT-I9000 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)
Opera/9.80 (X11; Linux i686; U; ru) Presto/2.6.30 Version/10.61
Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.6.30 Version/10.63
Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.7.62 Version/11.00
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.0)
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1)
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2)
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0)
Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.1)
Opera/7.51 (Windows NT 5.0; U) [en]
Opera/7.51 (Windows NT 5.1; U) [en]
Opera/7.51 (Windows NT 5.2; U) [en]
Opera/7.51 (Windows NT 6.0; U) [en]
Opera/7.51 (Windows NT 6.1; U) [en]
Opera/7.50 (Windows XP; U)
Googlebot
Slurp
MSNBot
Teoma
Scooter
ia_archiver
Lycos
Yandex
StackRambler
Mail.Ru
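A defender-side check for the persistence artifacts quoted above (the autorun value under policies\Explorer\Run and an svchost.exe copy outside System32), written here as an added example; it is not code from the post or from the sample. The autorun entries it scans are constructed inline in the shape of a registry export, so it runs offline on any OS.

```python
import ntpath
import re

# Constructed sample in the shape of an autorun export: (key, value name, command).
# The first entry mirrors the GBot artifacts quoted in the post; the others are benign-looking.
SAMPLE_AUTORUNS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
     "WinUpdaterstd", r"C:\WINDOWS\WinUpdaterstd\svchost.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "OneDrive", r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]

# Names of Windows binaries that live in System32; a copy anywhere else is the
# masquerade GBot uses (svchost.exe under C:\WINDOWS\WinUpdaterstd).
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Legitimate installers almost never write here, so any entry deserves a look.
POLICY_RUN_SUFFIX = r"\policies\explorer\run"


def executable_from_command(command):
    """Return the executable path from an autorun command, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    match = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command


def is_system32_path(path, systemroot=r"C:\WINDOWS"):
    """True if the file sits directly in <systemroot>\\system32 (env vars expanded)."""
    expanded = re.sub(r"%(windir|systemroot)%", lambda m: systemroot, path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.dirname(expanded)) == ntpath.normcase(ntpath.join(systemroot, "system32"))


def assess_autorun(key, name, command):
    """Return the reasons an autorun entry resembles GBot-style persistence."""
    reasons = []
    exe = executable_from_command(command)
    if key.lower().endswith(POLICY_RUN_SUFFIX):
        reasons.append("uses policies\\Explorer\\Run instead of the usual Run key")
    if ntpath.basename(exe).lower() in SYSTEM_BINARY_NAMES and not is_system32_path(exe):
        reasons.append("system binary name launched from outside System32: " + exe)
    return reasons


def scan_autoruns(entries):
    """Map value name -> reasons for every entry that trips at least one check."""
    return {name: assess_autorun(key, name, cmd)
            for key, name, cmd in entries if assess_autorun(key, name, cmd)}
```

Feed it the output of a real autorun export (key, name, command triples) and review every entry it returns.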
 #14582  by EP_X0FF
 Wed Jul 11, 2012 2:20 pm
dumb110 wrote: false positive on cstrike.exe, it's NOT malware: http://www.d3scene.com/forum/counter-st ... ement.html
In the case of the initial post, cstrike.exe is a trivial downloader for the script-kiddy trojan attached in the second post.

Your link refers to another file with the same name.