Underground economy 3 – Phoenix exploit kit fake antivirus and live C&C server

After MPack, a series of exploit kits was released targeting PDF vulnerabilities. Two of the more recent ones are CrimePack and Phoenix.

Here is a live command and control (C&C) panel for Phoenix, located at

hxxp://nojtul.co.cc/c/statistics.php

(Please be careful with this URL; recommended precautions include a virtual machine that you are willing to sacrifice.)

The URLs that are delivered through the iframe injections are:

hxxp://nojtul.co.cc/c/exe.exe

This is a trojan dropper; most up-to-date AV products detect it as a fake AV variant. Phoenix distributes several fake antivirus products: from the "nano" versions through "pro" editions to the "defender" variants, they have it all!

The second URL delivered through an iframe injection, as shown in the first post (De-obfuscating javascript for malware analysis), is:

hxxp://nojtul.co.cc/c/l.php

Again, this is LIVE and carries a powerful set of exploits, so please have a virtual machine handy for the analysis. The kit targets most of the recently discovered vulnerabilities in Adobe Reader, Internet Explorer, Adobe Flash Player, and Java.

I could get the actual exploit pack, consisting of two JS files, two HTML files, one Flash file and one ASM file…

Trying to get the password for the zip file… As soon as I get the files opened, I will post more analysis…

This entry was posted in Web Security.

14 Responses to Underground economy 3 – Phoenix exploit kit fake antivirus and live C&C server

  1. Erin Eskins says:

    I read something similar to your post over at google news… I became interested and then began searching around, and then landed at this site… anyway, I believe that I somewhat agree with what you discuss here. However I’m going to go see what else I can lookup too.

  2. Finally, an issue that I am passionate about. I have looked for information of this caliber for the last several hours. Your site is greatly appreciated.

  3. Toys says:

    Voyager This is a terrific website

  4. hey nice blog, i found it very useful and some nice Posts here!

  5. Bali Villas says:

    Deference to OP, some good information.

  6. I like the theme you are using on your blog…

  7. I do agree with all of the ideas you’ve presented in your post. They are very convincing and will certainly work. Still, the posts are too short for starters. Could you please extend them a little from next time? Thanks for the post.

  8. I like this web blog very much. It's a very nice situation to read and find information.

  9. SEO test says:

    hi fellow web master! I really enjoy your website! I liked the creativity of your sidebar.

  10. You sure do know what you're talking about. Man, this blog is just great! I can't wait to read more of what you've got to say. I'm really happy that I came across this when I did because I was really starting to get bored with the whole blogging scene. You've turned me around, man!

  11. Great post. I am really looking forward to more posts of this kind.

  12. Your place is valuable for me. Thanks!…

  13. I discovered your weblog web site on Google and examined a couple of your early posts. Continue to keep up the superb operate. I just further up your RSS feed to my MSN News Reader. Looking forward to reading more from you afterward!…

  14. Greetings from California! I'm bored at work, so I decided to check out your website on my iPhone during lunch break. I love the information you provide here and can't wait to take a look when I get home. I'm amazed at how quickly your blog loaded on my phone… I'm not even using Wi-Fi, just 3G… Anyways, excellent site!
