Friday, May 22, 2015

The Patterson Company

The Patterson Company has been a leader in masonry construction in Southern California for more than 30 years, their web page indicates, and they've now entered into the Malware Distribution Biz. 
:-)

OK... not likely.  However, they are now hosting malware that only 5 of 63 Web Security Solutions are protecting against.



How do we know that 20.exe is malicious?  Well... is it bad if the Registry is modified to enable proxies, new Certificate Authorities are created, and then connections are made to a proxy in Russia?  Here are the details.

In summary, a dropper is currently being distributed that calls out via HTTP to grab this file.  Strongly recommend you check your logs for outbound TCP:80 connections sent that way.
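One way to run that log check, as an added example that is not part of the original post: it scans proxy logs for plain-HTTP port-80 requests that either go to the hosting site or fetch a file named 20.exe from anywhere. It assumes Squid's native access.log format; the host name `compromised-site.example` is a placeholder and the log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions (not from the original post): the hosting site's name is a
# placeholder, and the proxy writes Squid's native access.log format.
WATCH_HOST = "compromised-site.example"   # placeholder, substitute the real host
WATCH_FILE = "20.exe"                     # file name given in the post

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
1432300000.123    210 10.0.0.15 TCP_MISS/200 184320 GET http://compromised-site.example/images/20.exe - HIER_DIRECT/203.0.113.10 application/octet-stream
1432300050.456     95 10.0.0.22 TCP_MISS/200 5120 GET http://www.example.org/index.html - HIER_DIRECT/198.51.100.7 text/html
1432300100.789    180 10.0.0.31 TCP_MISS/200 184320 GET http://other-host.example:80/tmp/20.EXE?id=7 - HIER_DIRECT/203.0.113.44 application/x-msdownload
1432300150.000     40 10.0.0.15 TCP_TUNNEL/200 3900 CONNECT mail.example.net:443 - HIER_DIRECT/198.51.100.9 -
malformed line
"""

def find_hits(log_text, host=WATCH_HOST, filename=WATCH_FILE):
    """Return {client_ip: [(reason, url), ...]} for plain-HTTP port-80 requests
    that go to the watched host or fetch the watched file name from any host."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                      # skip truncated or malformed lines
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            continue                      # tunnels are not plain HTTP fetches
        parts = urlsplit(url)
        if parts.scheme != "http" or (parts.port or 80) != 80:
            continue                      # the post concerns outbound TCP:80
        name = parts.path.rsplit("/", 1)[-1].lower()
        if (parts.hostname or "").lower() == host:
            hits[client].append(("host", url))
        elif name == filename.lower():
            hits[client].append(("file", url))
    return dict(hits)

if __name__ == "__main__":
    for client, found in sorted(find_hits(SAMPLE_LOG).items()):
        for reason, url in found:
            print(f"{client}\t{reason}\t{url}")
```

A "file" hit on a different host is worth the same follow-up as a "host" hit, since the same file name may be served from more than one site.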
