Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like “&av” (for antivirus?) and “&vm=”(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host […]
Recently we found several malicious executables with similar characteristics. These files were found on the following six domains: janashfordplumbing.com kalliskallis.com lowes-pianos-and-organs.com continental1.com foreigntire.com gjhimages.com The URLs used, adhered to the following two formats: http://www.[domain].com/awstats6_data/[a-f0-9]{10}/?f=sm_main.mp3&k=[0-9]{15} http://www.[domain].com/images/[folder]/[folder]/[a-f0-9]{10}/?f=sm_main.mp3&k=[0-9]{15} These six domains are otherwise legitimate sites that have been compromised and used to serve malicious content. While I didn’t […]
Latest Comments