Jump to content

Recommended Posts

Posted (edited)

Since yesterday this website

xxx.documentopol.es  (www replaced by xxx)

tricks the user to download a Adobe Flash Player update, which is a virus.

 

Every time you load the site a new different file is generated.

 

ESS does not detect it:

https://www.virustotal.com/de/file/58d6e6a26a39bb48e673993fa50dcab6c8c7bd011fa8ee5675137b0363ef82b3/analysis/

https://www.virustotal.com/de/file/a4eb2deeea89b7091426f183dda1ca1469ab8eeaad2a2b3cdd70b178ccfdf316/analysis/

Edited by User
  • ESET Insiders
Posted

The URL needs to be unlinked.

It's serving up a PWS Fareit variant.

  • 1 month later...
Posted

Attention:

 

I think this site has malicious content again:

xxx.documentopol.es  (www replaced by xxx)

 

It tricks you to download a file named FlashPlayer.exe.

 

Here is virutotal's analysis:

https://www.virustotal.com/en/file/1d8ef2d1f19a47d7c9fc1be6ed498d978c30ebb83b2f0b4d7d23742cb51a754e/analysis/1403187400/

 

Only Malwarebytes and one other AV program currently detects it as a trojan.

 

I think ESET should also consider to totally blacklist this site.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...