Monday, October 29, 2012

The crusaders' note: When #malware infector goes to Cloud - Part 2: Amazon-AWS loaded with Trojan Bank Spy/Downloaders

Amazon-AWS, a well-known cloud service, is hosting Trojan banking malware that was uploaded via several user accounts (S3 buckets) such as juniormario, flashssa, twttreng, etc.
The infection dates run from October 27th until now, and these infection links are already being found in spam emails, which means this is an in-the-wild, ongoing scheme. The trojans are delivered either through a direct download link/URL or through an IFRAME pattern. Moreover, most of the infected downloads are served over HTTPS.
A case-by-case analysis is clearly not needed for these infections, since the VirusTotal (VT) analysis already explains all the details correctly. We share this in the real hope and expectation that a cleanup will be conducted soon.
Below is the infection disclosure:
1) Trojan Banker sets: (STRAIGHT DOWNLOAD SCHEME URL)
h00ps://s3.amazonaws.com/juniormario/ia2.exe VT(31/43) https://www.virustotal.com/file/453c8a1571ea38560a64c210e8baa3a6d481cdfbe97f9c4d0889bb5408747cd2/analysis/
h00ps://s3.amazonaws.com/juniormario/ma.exe  VT(31/44) https://www.virustotal.com/file/c07d0d2e0d4cb4aa59c4980c7953b014e3251e5ecc8d0b9082be2c751794f1f9/analysis/
h00ps://s3.amazonaws.com/juniormario/wmi.dll VT(34/44) https://www.virustotal.com/file/2784e3e11d95f11a61e22de723026002a82fdad49c37644c9598d5fa0f966daa/analysis/
h00ps://s3.amazonaws.com/juniormario/atta.exe VT(28/43) https://www.virustotal.com/file/d49ecdf1bf285acebccb7b800dd20da16a81a46882f1ab7df63e47309e81f054/analysis/
h00ps://s3.amazonaws.com/juniormario/ba.exe VT(31/44) https://www.virustotal.com/file/0ba745172fb51cd2ff19f6664ad9cd5815c547d5efe41d8f318fcf02ade66eea/analysis/
2) Other AMAZON-AWS INFECTOR(IFRAME) AND TROJAN DOWNLOAD SCHEME:
h00ps://s3.amazonaws.com/flashssa/index.html JS/IFRAME INFECTOR TO THE BELOW BANLOAD/TROJ VT (22/42) https://www.virustotal.com/file/0deec9b2fb6213d66ab2c2522e6e9da970a812adead77a892ff36dab31ab70f7/analysis/
h00ps://s3.amazonaws.com/flashssa/Flash_Player.exe Trojan/Downloader/Banload VT(31/44) https://www.virustotal.com/file/70b6e05976a8f62219ccb84f9625027c4d0b73b80449895cb5daadbbfd933167/analysis/
3) AND SOME MORE......(STRAIGHT DOWNLOAD SCHEME URL)
h00ps://s3.amazonaws.com/twttreng/HSS-2.67-install-p94-356-conduit.exe
h00p://s3.amazonaws.com/futuremark-static/downloads/Futuremark_SystemInfo_v4120_installer.exe
h00ps://s3.amazonaws.com/naturalsoftdownload-voices/software/standardsetup.exe
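The two delivery patterns disclosed above (an executable served straight out of an S3 bucket, and an IFRAME that pulls a bucket-hosted page) are easy to spot in mail bodies or proxy/web logs. The following is an added example of such a check, not MalwareMustDie's own tooling; it also handles the virtual-hosted `bucket.s3.amazonaws.com` form, which the post does not show, and every bucket name and URL in the sample is a constructed placeholder.

```python
import re
from urllib.parse import urlparse

# Executable extensions worth flagging when hosted on a bucket (assumption:
# .scr is added to the .exe/.dll seen in the disclosure above).
EXEC_EXT = (".exe", ".dll", ".scr")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IFRAME_RE = re.compile(r"<iframe[^>]+src=[\"']([^\"']+)[\"']", re.I)


def s3_bucket(url):
    """Return the bucket name if url points at S3 (path-style
    s3.amazonaws.com/<bucket>/... or virtual-hosted <bucket>.s3.amazonaws.com),
    otherwise None."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host == "s3.amazonaws.com":
        bucket = p.path.lstrip("/").split("/", 1)[0]
        return bucket or None
    if host.endswith(".s3.amazonaws.com"):
        return host[: -len(".s3.amazonaws.com")]
    return None


def scan(text):
    """Scan a mail body / HTML page and return (pattern, bucket, url) findings:
    'iframe' for a frame sourced from a bucket, 'direct' for a bucket-hosted
    executable link (the query string is ignored when checking the extension)."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        src = m.group(1)
        bucket = s3_bucket(src)
        if bucket:
            findings.append(("iframe", bucket, src))
    for url in URL_RE.findall(text):
        bucket = s3_bucket(url)
        if bucket and urlparse(url).path.lower().endswith(EXEC_EXT):
            findings.append(("direct", bucket, url))
    return findings


# Constructed sample spam body: one direct link, one hidden IFRAME injector,
# one legitimate AWS documentation link, one virtual-hosted bucket link.
SAMPLE = """Your invoice: https://s3.amazonaws.com/example-bucket-a/ia2.exe
<iframe src="https://s3.amazonaws.com/example-bucket-b/index.html" width=0 height=0></iframe>
Docs: https://docs.aws.amazon.com/s3/index.html
Installer: http://example-bucket-c.s3.amazonaws.com/setup.exe?x=1
"""

if __name__ == "__main__":
    for pattern, bucket, url in scan(SAMPLE):
        print(f"{pattern:6} bucket={bucket:18} {url}")
```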

#MalwareMustDie!