一款伪装成DNF私服登陆器的盗号木马!

xf2004

SF地址:http://www.dxc4f.cn/

利用最近热门话题 DNF 私服做钓鱼攻击,登陆器根本就是一个壳! 运行后安装一个盗号木马~

这是扫描报告: http://www.virscan.org/report/97a950a742eb455d2173639397dd16ca.html

附件解压缩密码: 1234567890

su-tt

上报诺顿

wcj20236

运行可执行文件，微点kill掉。

kingmuro

过诺顿10.1

zdw2041

发现comodo把它砍了

su-tt

Developer notes:

C:\Documents and Settings\Administrator\\[1].zip is a container file of type  ZIP

+++--.txt Our automation was unable to identify any malicious content in this submission.

The file will be stored for further human analysis  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

unicows.dll  is a clean file.  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

config.dat  is a clean file.  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

stall.ini Our automation was unable to identify any malicious content in this submission.

The file will be stored for further human analysis  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

grasses.pck  is a clean file.  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

data.dll  is a clean file.  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip

dlq.exe Our automation was unable to identify any malicious content in this submission.

The file will be stored for further human analysis  This file is contained by   C:\Documents and Settings\Administrator\\[1].zip







Our automation was unable to identify any malicious content in this submission.

The file will be stored for further human analysis

sam.to

放上來

Scanned file:   222.rar  - Infected
222.rar/µn?¾¹/config.dat - OK
222.rar/µn?¾¹/data.dll - OK
222.rar/µn?¾¹/dlq.exe - infected by Trojan-GameThief.Win32.WOW.den
222.rar/µn?¾¹/grasses.pck - OK
222.rar/µn?¾¹/stall.ini - OK
222.rar/µn?¾¹/unicows.dll - OK
222.rar/µn?¾¹/ª`?«ü«n.txt - OK

不报不是毒,是空的

[ 本帖最后由 sam.to 于 2008-12-4 12:02 编辑 ]

loveyuwei

DNF外挂很多。

robinjzy

不说多的  用外挂被盗都是自找的

BING126

McAfee miss