Morisato 8 Posted October 13, 2017 Share Posted October 13, 2017 https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/ https://www.virustotal.com/en/file/6153f429c0cedc721846e60255834ae0f43829cc6a387b766de6f301dab54eca/analysis/1506995209/ An updated variant of this was in use. MediaDownloaderIron.exe. Only Panda, Symantec, and Webroot detecting the file as adware. Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com. Link to comment Share on other sites More sharing options...
Recommended Posts