Win32/Medfos - Browser redirecting Trojan - Page 3

Re: Win32/Medfos - Browser redirecting Trojan

#20059 by thisisu
Fri Jul 12, 2013 12:52 am

Thanks for clearing that up for me :)

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact

Re: Win32/Medfos - Browser redirecting Trojan

#20553 by Blaze
Wed Aug 21, 2013 11:41 am

Another, spread via fake Facebook mail. Medfos + Zbot included.

From: 173.242.98.156

Tries to connect to:

Code: Select all

184.95.37.102
78.131.140.151
109.156.208.238
209.173.17.125
66.142.27.141
71.146.4.225
84.59.151.27
98.225.252.156
68.85.153.78
193.213.26.230
99.26.122.34
216.246.148.21
50.241.153.231
174.96.27.128
203.45.203.83
71.146.10.15
190.202.240.168
108.218.11.246
108.74.172.39
108.234.133.110
76.226.134.206
82.52.157.197
76.200.230.71
220.208.171.7
81.136.230.235
88.173.210.182
82.193.24.8
67.7.240.231

Code: Select all

Filename    	                          MD5
about.exe.vir    	                     f86cde465500cfae421f80f4c70eb063
able_disturb_planning.jar.vir 	        967297c28b01befe90f6545fbc5df454
cyog.exe.vir      	                    a84438267b3e620c89f0f00fbb009f8d
oMPxCpc.exe.vir        	               ac62b505acfa69ce77d1f9679170ee45
qGThDxG.exe.vir       	                690b6829f0a9614f34946b620585b616