Monday, October 28, 2013

Phishing banker that changes the proxy config URL!


A malware sample which I came across recently. It's in the phishing banker category.
Details of my research are as follows:
Malware sample:
MD5: 466688E7B5849F4BED92F98B4F99042A
SHA1: 46167CBB9D1C37497B1C0CF87877D945D9D26C83
VT results for the file: http://www.virustotal.com/file-scan/report.html?id=9a3424836e5798698c5b50f1872846cddb041f391d228dc2f4d8cce722b2d55c-1315893017


This malware changes the automatic proxy config URL without user consent in all browsers (IE9, the latest version of Firefox, Google Chrome, etc.). The URL it sets is HXXP://micro.asfsecure.com/kb971033.php

The link is no longer active, but previously visited records state that it served a script which redirects to a fake banking site instead of the legitimate one (for the sites mentioned in the script).



HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "AutoConfigURL"
                        Type: REG_SZ
                        Data: http://micro.asfsecure.com/kb971033.php
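
A defender can audit for this change by collecting the AutoConfigURL value (and Firefox's equivalent preference, network.proxy.autoconfig_url in prefs.js) and comparing it with the PAC hosts the organisation actually uses. The following is an added example, not code from the original post; the approved host pac.corp.example and both sample inputs are constructed, with only the registry data taken from the entry above.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this organisation legitimately serves PAC files from.
APPROVED_PAC_HOSTS = {"pac.corp.example"}

# `reg query` prints each value as: <name>    <type>    <data>
REG_LINE = re.compile(r"^\s*AutoConfigURL\s+REG_SZ\s+(\S+)\s*$", re.I | re.M)
# Firefox keeps its own copy of the PAC URL in the profile's prefs.js.
FF_LINE = re.compile(r'user_pref\("network\.proxy\.autoconfig_url",\s*"([^"]*)"\);')

# Constructed sample of `reg query` output, using the value shown in the post.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    AutoConfigURL    REG_SZ    http://micro.asfsecure.com/kb971033.php
"""

# Constructed sample of a Firefox prefs.js pointing at an approved PAC host.
SAMPLE_PREFS = '''user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "https://pac.corp.example/proxy.pac");
'''

def pac_urls(reg_query_output="", firefox_prefs=""):
    """Return (source, url) pairs for every PAC URL configured in the inputs."""
    found = [("registry", u) for u in REG_LINE.findall(reg_query_output)]
    found += [("firefox", u) for u in FF_LINE.findall(firefox_prefs) if u]
    return found

def audit(reg_query_output="", firefox_prefs="", approved=APPROVED_PAC_HOSTS):
    """Flag PAC URLs whose host is not approved or that are fetched without TLS."""
    findings = []
    for source, url in pac_urls(reg_query_output, firefox_prefs):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if host not in approved:
            reasons.append("host not approved")
        if parts.scheme.lower() != "https":
            reasons.append("PAC fetched without TLS")
        if reasons:
            findings.append((source, url, reasons))
    return findings

if __name__ == "__main__":
    for source, url, reasons in audit(SAMPLE_REG, SAMPLE_PREFS):
        print(f"[{source}] {url}: {', '.join(reasons)}")
```
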


Post made by
newworld

