User 13 Posted May 3, 2014 Posted May 3, 2014 (edited) Since yesterday this website xxx.documentopol.es (www replaced by xxx) tricks the user to download a Adobe Flash Player update, which is a virus. Every time you load the site a new different file is generated. ESS does not detect it: https://www.virustotal.com/de/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/ https://www.virustotal.com/de/file/a4eb2deeea89b7091426f183dda1ca1469ab8eeaad2a2b3cdd70b178ccfdf316/analysis/ Edited May 3, 2014 by User
ESET Insiders stackz 115 Posted May 3, 2014 ESET Insiders Posted May 3, 2014 The URL needs to be unlinked. It's serving up a PWS Fareit variant.
Administrators Marcos 5,452 Posted May 3, 2014 Administrators Posted May 3, 2014 Now it's detected by 13 AV vendors: https://www.virustotal.com/en/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/1399146337.
User 13 Posted June 19, 2014 Author Posted June 19, 2014 Attention: I think this site has malicious content again: xxx.documentopol.es (www replaced by xxx) It tricks you to download a file named FlashPlayer.exe. Here is virutotal's analysis: https://www.virustotal.com/en/file/1d8ef2d1f19a47d7c9fc1be6ed498d978c30ebb83b2f0b4d7d23742cb51a754e/analysis/1403187400/ Only Malwarebytes and one other AV program currently detects it as a trojan. I think ESET should also consider to totally blacklist this site.
Recommended Posts