You know that your malware investigation day will be a pain when you reach the first iframe on the webpage… This one was pointing: iframe src=”http://[REMOVED].cn/in.cgi?[REMOVED] This iframe is a redirect to: http:// [REMOVED].hostindianet.com/index.php?[REMOVED] Now it gets interesting. This url contains a script that will send a PDF file, called readme.pdf. As an additional note, Read more…
Tags: bueno, exploit, luckysploit, pedro bueno, waledac
Posts tagged under waledac