 |
|
|
Thread Tools | Display Modes |
|
#1
09-04-2009, 06:02 PM
|
|||
|
Angelina and Zango cash
I came across the following site today: angelinajmovies.cn
If you browse the site you immediately get a file:  which VirusTotal detects as:  If you refresh the page you now get this second file (sorry I used Firefox here, but you get the same result in IE):  which VirusTotal detects as:  And if you refresh the page angelinajmovies.cn for a third time you get:  Wait, let's zoom in a little bit:  Yes, you see it right, Zango it is. Dreamcatcher player, sorry DreamMediaPlayer or whatever. The landing page reminds me so much of the fake codec pages. I bet they might even have used the same template. Bad on all fronts! Jerome Segura Malware ID: 67e252ee84a6b5d0e2706ccc3e36a106.zip Malware ID: bea4676cddd48770b56c54db8b07f370.zip Malware ID: c115d8251fe12d92567e55cad1d379e9.zip 
|
||
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
