Sponsored by..

Wednesday 7 March 2012

Intuit spam / sony-zeus.net

Another fake INTUIT spam run is in progress, this time using the domain sony-zeus.net to deliver the payload.

The malware is hosted on sony-zeus.net/content/ap2.php?f=ef572 and sony-zeus.net/main.php?page=fac4e861546108ef on 213.179.193.132 (Solidhost, Netherlands). We've seen this IP before, so it is well worth blocking.

5 comments:

martijn said...

Is it Zeus they deliver?

Kafeine said...

Martinj : Files on this BH EK :

https://www.virustotal.com/file/1ab34c2660672850a391f156dd52bc2e39897d21f6ebd916b49082a6500d46bf/analysis/


https://www.virustotal.com/file/e11218fb46eec0388963931ee47ce588db17fd712f4b89a0d0b6989d71f4c4b3/analysis/



https://www.virustotal.com/file/ce6420427dc2d3f7be37eb15b8514b3b4c212df8fd086f3e7a7875610cff3cc9/analysis/

Kafeine said...
This comment has been removed by the author.
Kafeine said...

And this one
https://www.virustotal.com/file/4b859f82f6f5849e1ddbbdce71afd36f12218c6445ab199cbb110cd65904fd05/analysis/

Conrad Longmore said...

@martijn - it did cross my mind that there was some humour involved here :)