[en] W32/Boaxxe by SWF Redirector

Yesterday, I tweeted about a W32/Boaxxe on scamadviser.com

[screenshot: W32_Boaxxe_SWF_redirector]

btw, not bad 🙂

[screenshot: W32_Boaxxe_SWF_redirector11]

Checked it again this morning: Java wants to be loaded:
[screenshot: W32_Boaxxe_SWF_redirector2]
Payload:
[screenshot: W32_Boaxxe_SWF_redirector3]

Same URLs. As you can see, there is an iframe that acts like an ad banner.
[screenshot: W32_Boaxxe_SWF_redirector4]
pixiepixie.com loads a SWF banner.
[screenshot: W32_Boaxxe_SWF_redirector5]

The frame of the SWF is empty, so it shows nothing.
The ActionScript is available at this link: http://pjjoint.malekal.com/files.php?read=20140131_p14v7x7l12z6
As always, it creates an iframe (and a cookie this time) with a user-agent filter.

Big up to F-Secure, which detects the SWF: https://www.virustotal.com/fr/file/682d8b9f50098ec6a4aa512526f41beba8d36c651ac8a390977bec869ddfbef0/analysis/1391155585/

F-Secure: Trojan:SWF/CookieBomb.E (20140130)

Very happy to see you can follow those SWF redirectors:
https://twitter.com/malekal_morte/status/426459905386508289
https://twitter.com/malekal_morte/status/427082111246295040

[screenshot: W32_Boaxxe_SWF_redirector6]
Then it redirects to a counter.php page on s.malinux.li:
[screenshot: W32_Boaxxe_SWF_redirector7]
which finally redirects to the Exploit Kit:
[screenshot: W32_Boaxxe_SWF_redirector8]
pixiepixie.com seems to be a hacked website:
[screenshot: W32_Boaxxe_SWF_redirector9]

So finally, it seems to be a hack on scamadviser.com that tries to pass itself off as advertising (malvertising).
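The redirect chain above (page -> SWF banner on another host -> counter.php on s.malinux.li -> Exploit Kit) can be rebuilt from proxy logs by following Referer headers. The script below is an added example, not code from the post; it runs on constructed log lines (the Exploit Kit host is the placeholder `ek.example`, everything else is named in the post) and flags the "SWF redirector" pattern: a SWF embedded from a second host that itself drives a request to a third host.

```python
from urllib.parse import urlparse

# Constructed proxy log (not real traffic): "client url referer content_type", "-" = no Referer.
# Hosts named in the post are kept; "ek.example" is a placeholder for the unnamed Exploit Kit host.
SAMPLE_LOG = """\
10.0.0.5 http://scamadviser.com/ - text/html
10.0.0.5 http://pixiepixie.com/banner.swf http://scamadviser.com/ application/x-shockwave-flash
10.0.0.5 http://s.malinux.li/counter.php http://pixiepixie.com/banner.swf text/html
10.0.0.5 http://ek.example/landing.php http://s.malinux.li/counter.php text/html
10.0.0.5 http://ek.example/payload.jar http://ek.example/landing.php application/java-archive
10.0.0.9 http://scamadviser.com/ - text/html
"""

def parse_log(text):
    """Parse the space-separated sample format into one dict per request."""
    entries = []
    for line in text.splitlines():
        client, url, referer, ctype = line.split()
        entries.append({"client": client, "url": url, "ctype": ctype,
                        "referer": None if referer == "-" else referer})
    return entries

def redirect_chain(entries, client, start_url):
    """Follow Referer links forward from start_url for one client; return distinct hosts in order."""
    hosts, current, seen = [urlparse(start_url).netloc], start_url, {start_url}
    while True:
        children = [e for e in entries
                    if e["client"] == client and e["referer"] == current and e["url"] not in seen]
        if not children:
            return hosts
        current = children[0]["url"]  # on a branch, follow the first request logged
        seen.add(current)
        host = urlparse(current).netloc
        if host != hosts[-1]:
            hosts.append(host)

def find_swf_redirects(entries):
    """Flag the post's pattern: host A embeds a SWF from host B, and the SWF (as Referer) hits host C."""
    findings = []
    for swf in entries:
        if swf["ctype"] != "application/x-shockwave-flash" or not swf["referer"]:
            continue
        page_host, swf_host = urlparse(swf["referer"]).netloc, urlparse(swf["url"]).netloc
        for nxt in entries:
            if nxt["client"] == swf["client"] and nxt["referer"] == swf["url"]:
                target = urlparse(nxt["url"]).netloc
                if target not in (page_host, swf_host):
                    findings.append((page_host, swf_host, target))
    return findings
```

Calling `redirect_chain(parse_log(SAMPLE_LOG), "10.0.0.5", "http://scamadviser.com/")` yields the four-host chain from the post, and `find_swf_redirects` returns the (page, SWF host, next host) triple that a proxy alert rule would key on.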

Yesterday's and today's payload detections (today it's Zbot / ransomware detection, take your pick :D)

http://malwaredb.malekal.com/index.php?hash=901c74240154e245e1c2b28d713693b9
http://malwaredb.malekal.com/index.php?hash=99b751630a73ecefa0120179a1a3ae2c
http://malwaredb.malekal.com/index.php?hash=6b0af1ba493c5dc0b2e4a0379615abfa
http://malwaredb.malekal.com/index.php?hash=246f5ec4fec669a10d211aae0a9bbb40
http://malwaredb.malekal.com/index.php?hash=445097ddb53e6f51e6be0670531f943c

[screenshot: W32_Boaxxe_SWF_redirector10]

ESET wrote up a nice description of the W32/Boaxxe malware: http://www.welivesecurity.com/2014/01/17/boaxxe-adware-a-good-advert-sells-the-product-without-drawing-attention-to-itself-part-2/
