promed-net[dot]com acting as malware distribution point
- December 1st, 2009
- Posted in Malware . Spam
The domain promed-net[dot]com, which is currently registered/hosted with Go-Daddy, has been acting as a malware distribution point for at least the past 30 days, serving malware such as Win32.Krap.ah and Trojan:Win32/Hiloti.genA. I’ve also seen this domain participating in several of the many ongoing Trojan Zeus/Zbot spam campaigns, the latest being fake CDC emails claiming you need to set up an H1N1 profile.
Example
“You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people”
If you happen to click the link, you now have the notorious Trojan Zbot installed on your system, which will then contact promed-net[dot]com to install additional malware. One example can be seen in this ThreatExpert report. More information can be found here.