Interesting case.
Trojan:Win32/Reveton.A,
MD5: 34818ce171ea150b91429ac1dd6fbe49
VT
it sets ActiveDesktop, runs IE and requests FakePoliceAlert; as a result your desktop shows this view:
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 46.38.58.47
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Sun, 15 Jan 2012 07:20:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.6-1+lenny13
Content-Encoding: gzip
GET /img/downheader.jpg HTTP/1.1
Accept: */*
Referer: hxxp://46.38.58.47/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 46.38.58.47
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Sun, 15 Jan 2012 07:20:17 GMT
Content-Type: image/jpeg
Content-Length: 60665
Last-Modified: Thu, 08 Dec 2011 22:16:50 GMT
Connection: keep-alive
Accept-Ranges: bytes
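A small hunting helper, added here as an example and not part of the original post, that parses the two request headers from the capture above and flags the pattern they share (bare-IP Host header, stock IE6/XP User-Agent, first request with no Referer). The function names and the heuristic are the example's own assumptions, not a vendor signature:

```python
import ipaddress

# Constructed sample: the two request headers from the capture above, verbatim (defanged hxxp kept).
CAPTURE = """GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 46.38.58.47
Connection: Keep-Alive

GET /img/downheader.jpg HTTP/1.1
Accept: */*
Referer: hxxp://46.38.58.47/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 46.38.58.47
Connection: Keep-Alive
"""

def parse_requests(text):
    """Split a text capture into one dict per request: lower-cased header
    names plus the request line under the key 'request'."""
    reqs = []
    for block in text.strip().split("\n\n"):
        lines = block.strip().splitlines()
        req = {"request": lines[0]}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            req[name.strip().lower()] = value.strip()
        reqs.append(req)
    return reqs

def flag_reveton_like(req):
    """Reason string when a request has the shape seen in the capture (bare-IP
    Host, stock IE6/XP User-Agent, first hit without a Referer), else None.
    Hunting heuristic only: intranet sites reached by IP from XP match too."""
    try:  # Host must be an IP literal, not a name (IPv4 host[:port] form)
        ipaddress.ip_address(req.get("host", "").split(":")[0])
    except ValueError:
        return None
    if "MSIE 6.0; Windows NT 5.1" not in req.get("user-agent", ""):
        return None
    if "referer" not in req:
        return "initial fetch: bare-IP host, IE6 UA, no Referer"
    return "follow-up fetch from bare-IP host: " + req["request"]

def scan(text):
    # All flagged requests from a capture, in order; empty list if clean.
    return [r for r in map(flag_reveton_like, parse_requests(text)) if r]
```

Run over proxy or IDS request logs split into blank-line-separated header blocks; the first hit (no Referer) is the one to pivot on, since the later image fetches are just the ransom page rendering.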
Attachments
pass:infected