Underground economy 3 – Phoenix exploit kit fake antivirus and live C&C server

After MPack there has been a series of exploit kits released that target PDF vulnerabilities. Some of the recent ones are CrimePack and Phoenix.

Here is a live command and control center for Phoenix, located at


(Please be careful with this URL; recommended precautions include a virtual machine that you are willing to sacrifice.)

The URLs that get into the iframe injections are


This is a trojan dropper; most up-to-date AVs will detect it as a Fake AV variant. Phoenix uses multiple fake antivirus products for distribution: from "nano" versions to "pro" to "defender" editions, we got it all!

The second URL that gets into an iframe injection, as shown in the first post, De-obfuscating javascript for malware analysis, is


Again, this is LIVE and carries a powerful set of exploits, so please have a virtual machine handy for the analysis. The malware targets most of the recent vulnerabilities discovered in Adobe Reader, Internet Explorer, Adobe Flash Player, and Java.
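Since the infection chain above starts with an iframe injected into an otherwise legitimate page, an analyst's first question for a suspected page is usually "where are the hidden iframes pointing?". The following is an added example, not code from the original post or from the Phoenix kit: a small Python scanner that flags iframes hidden in the ways injections typically hide them (zero or one-pixel size, `display:none` / `visibility:hidden`, off-screen positioning, or a hidden ancestor element) and notes when the target host differs from the page's own host. The sample HTML and all hostnames in it are constructed for the example; nothing in it is a real indicator.

```python
"""Flag hidden iframes in an HTML page, the usual shape of an exploit-kit injection."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample page (not a real capture): one legitimate, visible
# cross-origin embed plus four injected iframes hidden in different ways.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="https://partner.example/widget" width="300" height="200"></iframe>
<iframe src="http://evil-landing.example/in.php" width="0" height="0" frameborder="0"></iframe>
<div style="visibility:hidden"><iframe src="http://evil-landing.example/stats.php" style="display:none"></iframe></div>
<iframe src="http://offscreen.example/x.html" style="position:absolute; left:-9999px"></iframe>
<p>Some content<br>more content</p>
<iframe src="/tracker.html" width="1" height="1"></iframe>
</body></html>
"""

# Inline styles that make an element invisible to the user.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I)
# Elements that never get a closing tag; they must not sit on the ancestor stack.
_VOID_TAGS = {"br", "img", "input", "meta", "link", "hr", "area", "base", "col", "embed", "source"}


def _tiny(value):
    """True if a width/height attribute is 0 or 1 (a classic hiding trick)."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1


class IframeScanner(HTMLParser):
    """Collects iframes that are hidden, tiny, or point off the page's own host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.stack = []       # (tag, is_hidden) for currently open ancestors
        self.findings = []    # (src, [reasons]) for every iframe with any reason

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = a.get("style") or ""
        hidden_here = bool(_HIDDEN_STYLE.search(style))
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("zero-size")
            if hidden_here:
                reasons.append("hidden-style")
            if any(h for _, h in self.stack):
                reasons.append("hidden-ancestor")
            src = a.get("src") or ""
            host = (urlparse(src).hostname or "").lower()
            if host and host != self.page_host:
                reasons.append("external-host")
            if reasons:
                self.findings.append((src, reasons))
        if tag not in _VOID_TAGS:
            self.stack.append((tag, hidden_here))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating sloppy or unclosed markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def scan_for_injected_iframes(html, page_host):
    """Return [(src, reasons)] for iframes that look injected.

    An iframe is reported only if it is hidden or tiny. An external host alone
    is not reported, because legitimate embeds are routinely cross-origin; it
    is kept as an extra reason so the analyst sees it alongside the hiding.
    """
    p = IframeScanner(page_host)
    p.feed(html)
    p.close()
    hiding = ("zero-size", "hidden-style", "hidden-ancestor")
    return [(src, r) for src, r in p.findings if any(x in r for x in hiding)]


if __name__ == "__main__":
    for src, reasons in scan_for_injected_iframes(SAMPLE_HTML, "victim.example"):
        print(f"{src:45s} {', '.join(reasons)}")
```

Run against a saved copy of a page (never the live one outside a sacrificial VM), the output lists each hidden iframe's `src` with the reasons it was flagged; the visible `partner.example` embed is not reported even though it is cross-origin, which keeps the scanner useful on real sites full of legitimate widgets.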

Could get the actual exploit pack, consisting of two JS, two HTML, one Flash and one ASM file…

Trying to get the password for the zip file… As soon as I get the files opened, I will post more analysis…


15 thoughts on “Underground economy 3 – Phoenix exploit kit fake antivirus and live C&C server”

  1. I read something similar to your post over at google news… I became interested and then began searching around, and then landed at this site… anyway, I believe that I somewhat agree with what you discuss here. However I’m going to go see what else I can lookup too.

  2. I do agree with all of the ideas you’ve presented in your post. They are very convincing and will certainly work. Still, the posts are too short for starters. Could you please extend them a little from next time? Thanks for the post.

  3. You sure do know what you're talking about. Man, this blog is just great! I can't wait to read more of what you've got to say. I'm really happy that I came across this when I did because I was really starting to get bored with the whole blogging scene. You've turned me around, man!

  4. I discovered your weblog web site on google and examine a couple of your early posts. Continue to keep up the superb operate. I just further up your RSS feed to my MSN News Reader. Looking forward to reading more from you afterward!…

  5. Greetings from California! I’m bored at work so I decided to check out your website on my iphone during lunch break. I love the information you provide here and can’t wait to take a look when I get home. I’m amazed at how quick your blog loaded on my phone .. I’m not even using WIFI, just 3G .. Anyways, excellent site!

  6. Woah! I'm really loving the template/theme of this site. It's simple, yet effective. A lot of times it's very hard to get that "perfect balance" between usability and appearance. I must say you've done a very good job with this. In addition, the blog loads very quick for me on Chrome. Exceptional Blog!
