User 13 Posted May 3, 2014 (edited)

Since yesterday this website xxx.documentopol.es (www replaced by xxx) tricks the user into downloading an Adobe Flash Player update, which is a virus. Every time you load the site, a new, different file is generated. ESS does not detect it:

https://www.virustotal.com/de/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/
https://www.virustotal.com/de/file/a4eb2deeea89b7091426f183dda1ca1469ab8eeaad2a2b3cdd70b178ccfdf316/analysis/

Edited May 3, 2014 by User

ESET Insiders stackz 115 Posted May 3, 2014

The URL needs to be unlinked. It's serving up a PWS Fareit variant.

Administrators Marcos 5,231 Posted May 3, 2014

Now it's detected by 13 AV vendors: https://www.virustotal.com/en/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/1399146337.

User 13 Posted June 19, 2014 Author

Attention: I think this site has malicious content again: xxx.documentopol.es (www replaced by xxx)

It tricks you into downloading a file named FlashPlayer.exe. Here is VirusTotal's analysis:

https://www.virustotal.com/en/file/1d8ef2d1f19a47d7c9fc1be6ed498d978c30ebb83b2f0b4d7d23742cb51a754e/analysis/1403187400/

Only Malwarebytes and one other AV program currently detect it as a trojan. I think ESET should also consider totally blacklisting this site.