Naming and tracking different malware families still leaves much to be desired, so for lack of a better alternative, I'm using the term Sasfis. Its function appears to be a general bot-net and is mostly leveraged to install other malware such as key-logging/banking-trojans such as Zeus or scareware like the many variants of Fake Anti-virus that are currently in the wild. For those looking for this on their networks, look for HTTP-like activity out to v-medical.org and 89.187.53.203.
Kevin Liston 292 Posts ISC Handler May 27th 2010 |
May 27th 2010 1 decade ago |
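An added example, not part of the original post: a small Python filter that checks proxy or firewall log lines for the two indicators named above. The log format and sample lines are constructed, and treating subdomains of v-medical.org as hits is an assumption. It compares whole host tokens, so look-alikes such as `v-medical.org.example.com` or `189.187.53.203` do not match.

```python
import ipaddress
import re

# Indicators taken from the post above.
IOC_DOMAIN = "v-medical.org"
IOC_IP = ipaddress.ip_address("89.187.53.203")

# A token is a run of hostname/IP characters that starts and ends alphanumeric,
# so "http://host/", "ip:port" and a trailing root dot all split cleanly.
TOKEN_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

def match_indicators(line):
    """Return the sorted list of indicators present in one log line."""
    hits = set()
    for token in TOKEN_RE.findall(line):
        host = token.lower()
        # Exact domain, or a subdomain of it (assumption: subdomains count).
        if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
            hits.add(IOC_DOMAIN)
            continue
        try:
            # Parse as an address so only the exact IP matches.
            if ipaddress.ip_address(host) == IOC_IP:
                hits.add(str(IOC_IP))
        except ValueError:
            pass  # not an IP address
    return sorted(hits)

# Constructed sample log (timestamp, client, method, target, status).
SAMPLE_LOG = """\
2010-05-27T10:00:01 10.0.0.15 GET http://v-medical.org/ 200
2010-05-27T10:00:02 10.0.0.22 CONNECT 89.187.53.203:80 -
2010-05-27T10:00:03 10.0.0.31 GET http://v-medical.org.example.com/ 200
2010-05-27T10:00:04 10.0.0.31 GET http://example.net/?ref=189.187.53.203 200
2010-05-27T10:00:05 10.0.0.40 GET http://www.v-medical.org./x 404
"""

def scan(lines):
    """Return (line_number, indicators) for every line with a hit."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = match_indicators(line)
        if hits:
            results.append((number, hits))
    return results

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG.splitlines()):
        print(number, ", ".join(hits))
```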
The activity and netblock you mention makes me think that this is related to Bredolab.
http://blog.trendmicro.com/bredolab-revealed/ Check out the PDF near the bottom. |
Anonymous |
May 27th 2010 1 decade ago |
Yeah, Bredolab, Sasfis, Agent, Outbreak... pick one.
Kevin Liston 292 Posts ISC Handler |
May 27th 2010 1 decade ago |
Would you kindly link the virustotal or post the hash, size, filename, etc?
hacks4pancakes 48 Posts |
May 28th 2010 1 decade ago |
Kevin Liston 292 Posts ISC Handler |
May 30th 2010 1 decade ago |