While trying to reverse the shellcode contained in the PDF that seems to exploit CVE-2010-4091, in accordance with the sample reported by MalwareTracker, the following URL was found:
http://212.117.168.89/ad/fi_16.php
From Robtex:
The URL above is currently down or no longer available. Was it really exploited to retrieve malware from womens-puzzle.com? :) Many thanks to binjo for his support and tools. For the PDF, check my previous post: http://extraexploit.blogspot.com/2010/11/cve-2010-4091-exploited.html
All these things continue to be weird and funny! (WOMENS-PUZZLE.COM :-) ). IMPORTANT: It is not certain that the reported PDF really exploits CVE-2010-4091.