[Dshield] Need help decoding hackers javascript code

Julio Canto jcanto at hispasec.com
Fri Sep 7 12:47:28 GMT 2007

Security escribió:
> In this particular case, the end goal of the zlo-x.net/XDS/iframe.php
> is to download and install a piece of malware from
> hxxp://oya.ru/vyhod/numizmat/ima/get.php?file=exe.  The file that gets
> downloaded, update.exe is UPX-packed and is known to most AV as
> Goldun.  The following link should let you see the VT results:
> http://www.virustotal.com/resultado.html?e308317d18761b82d81c41c1f7902d53

Links at VirusTotal results have a very limited lifespan.


Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf:
+34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B |
jcanto at hispasec.com

More information about the list mailing list