after Mpack there has been a set of exploit kits that were released targeting pdf vulnerabilities. Some of the recent ones are Crimepack and Phoenix.
Here is a live command and control center for phoenix located at
(please be careful with this url, recommended precautions include a virtual machine that you are willing to sacrifice)
the urls that will get into the iframe injections are
this is a trojan dropper, most updated AV’s will detect this as a Fake AV variant. Phoenix uses multiple fake antivirus softwares to distribute. from nano versions to pro till defenders we got it all !
again this is LIVE and carrying a powerful set of exploits so please have a virtual machine handy for the analysis.The malware targets most of the recent vulnerabilities discovered with adobe reader, internet explorer, adobe flash player, and java
could get the actual exploit pack consisting of two js, two html, one flash and one asm file…
tryin to get the password for the zip file .. as soon as I get the files opened will post more analysis..