29 Aug 08

XP Antivirus 2008 IFRAME update

While stepping through malicious domains I noticed that the “International Virus Research Lab” (IVRL) pages for XP Antivirus 2008 had changed hashes. I was looking at hxxp://bestantivirus2009.com at the time and noticed the inclusion of an IFRAME pointing to hxxp://huytegygle.com/index.php.

[Screenshot: the injected IFRAME]

I took a look at the IFRAME and found the following obfuscated JavaScript.

[Screenshot: the obfuscated JavaScript]

After attempting a few exploits, the code eventually leads to hxxp://huytegygle.com/bin/file.exe, which has a low (7/36, mostly heuristic) detection rate at VirusTotal. The file has been made available inside /lithium-malware/.

File: file.exe [ThreatExpert]
File size: 8192 bytes
MD5: a2a6455a4da0192fb8efe85e98fd3dfa
SHA1: a9a65198cf692a306be1e23c9e965549b7294b26
SHA256: 92255343407bf219f094bec01ac7750cf82869741d6fb5c27967624ce0e6bc80
SHA512: 2b9a1c7b33e80bdfc213be9d3dfbeb7491ede790045c5aec15ec55bd686c9787d2b19420f8058286c286375db2bee84e55d101c42f99a03a92010691e0b8eeb9
PEiD: -
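The injection described above (a hidden IFRAME on one domain loading a page from another) is the kind of thing a page scanner can flag before anyone reads the obfuscated script. The check below is an added example, not code from the post; the HTML it scans is constructed here and only reuses the two hostnames the post names.

```python
import html.parser
from urllib.parse import urlparse

# Constructed sample: a bestantivirus2009.com page carrying an injected, hidden
# IFRAME that loads huytegygle.com/index.php (the hosts named in the post),
# next to a harmless same-site frame for comparison.
SAMPLE_HTML = """<html><body>
<h1>XP Antivirus 2008</h1>
<iframe src="http://huytegygle.com/index.php" width="0" height="0"
        style="visibility:hidden"></iframe>
<iframe src="/promo.html" width="300" height="200"></iframe>
</body></html>"""


class IframeCollector(html.parser.HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # valueless attributes arrive as None; normalise to ""
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def is_hidden(attrs):
    """True if the frame is sized to 0 or styled invisible (drive-by pattern)."""
    for dim in ("width", "height"):
        if attrs.get(dim, "").strip().lower().rstrip("px") == "0":
            return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def find_suspicious_iframes(page_html, page_host):
    """Return (src, reasons) for each IFRAME that loads from a host other than
    the page's own, or that is hidden; either deserves a closer look."""
    parser = IframeCollector()
    parser.feed(page_html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host  # relative src = same host
        reasons = []
        if host.lower() != page_host.lower():
            reasons.append("external host %s" % host)
        if is_hidden(attrs):
            reasons.append("hidden frame")
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "bestantivirus2009.com"):
        print(src, "->", "; ".join(reasons))
```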


