Morisato 8 Posted October 13, 2017 Posted October 13, 2017 https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/ https://www.virustotal.com/en/file/6153f429c0cedc721846e60255834ae0f43829cc6a387b766de6f301dab54eca/analysis/1506995209/ An updated variant of this was in use. MediaDownloaderIron.exe. Only Panda, Symantec, and Webroot detecting the file as adware. Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.
Recommended Posts