[rkhunter]

Was catched on NgrBot infected machine.

Installs itself to %windir%.
Opens ports at compromised system, i. e. backdoor.
Also is IRC bot, established connection with IRC server.

http://www.microsoft.com/security/porta ... %2fPushbot

http://www.threatexpert.com/report.aspx ... da8582113f

http://anubis.iseclab.org/?action=resul ... ormat=html

[Waves97]

Hi! This new malware that appeared on Facebook:

[Flamef]

Yes i saw it too and took a sample.One of my friends was infected by this and asked for assistance,it keeps spamming something about Angela Merkel.
I think it's a dropper,hopefully EP_X0FF and others may be able to enlighten us.I lost the URL from where it comes from due to problems with my VM,sorry.

[Waves97]

URLs are quickly blocked by the facebook community ;)

[Xylitol]

That the "sb reloaded" things ?

Code: Select all

http://neoreloaded.info/vneo/admin/
http://dkccvinden.co.cc/admin/
http://tftf.tttfttt.co.cc/info/admin/

[Buster_BSA]

Here both samples crashes.

[Flamef]

Just repaired my VM and found this,i tested it on VirusTotal yestarday :
https://www.virustotal.com/file/8cd1438 ... /analysis/

[Waves97]

@Flamef
It's scan one of sample in my submission.

[Flamef]

@Flamef
It's scan one of sample in my submission.

So we got the same sample and it seems it's unique.

[GMax]

Hi! This new malware that appeared on Facebook:

Unpacked file without import