Friday, January 24, 2014

Some malware at a Microsoft-owned IP

Had a link in a spam message of hxxp://compra-da-sorte-cielo.com. That redirected to hxxp://137.135.200.64/Cadastro.




This page wanted you to sign up and hand over some info. But if you went straight to the 137.135.200.64 IP, you get prompted to save an exe directly. The scan can be found HERE. Interestingly, that IP belongs to Microsoft as well (http://whois.arin.net/rest/net/NET-137-135-0-0-1/pft).

Running the malware shows it reaches out to hxxp://playshows.com.br/12/googletalk.zip and downloads it. But it turns out it's password protected. Need to do more digging.
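
A password on a ZIP does not hide everything: standard ZIP encryption leaves the central directory readable, so entry names, sizes, CRCs and timestamps can be listed without the password. The following is an added example, not part of the original post; it runs on a constructed in-memory archive, and the entry name `sample_payload.bin` and the helper names are made up for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry data is encrypted


def triage_zip(data: bytes) -> list:
    """List per-entry metadata from the central directory (no password needed)."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only
            report.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                "size": info.file_size,
                "crc32": f"{info.CRC:08x}",
                "modified": "%04d-%02d-%02d %02d:%02d:%02d" % info.date_time,
            })
    return report


def build_sample(mark_encrypted: bool = True) -> bytes:
    """Constructed sample: a one-entry ZIP, optionally flagged as encrypted.

    Python's zipfile cannot write encrypted archives, so the flag is set by
    patching the central directory record. That is enough for metadata triage.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample_payload.bin", b"constructed placeholder content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # End-of-central-directory record is the last 22 bytes (no comment);
        # the central directory offset sits 16 bytes into it.
        cd_offset, = struct.unpack_from("<I", raw, len(raw) - 22 + 16)
        # Central directory file header: flags field is at offset 8.
        flags, = struct.unpack_from("<H", raw, cd_offset + 8)
        struct.pack_into("<H", raw, cd_offset + 8, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for entry in triage_zip(build_sample()):
        print(entry)
```

The recovered CRC-32 and uncompressed size can be compared against files already collected from the same campaign to check whether the archive holds a known sample.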
