(Zeus banking malware hosted by United States Provo Unified Layer)

Resolved to

When this site first got posted I thought it was hacked, but now that I’ve taken a closer look it’s actually a lame spreading attempt.

Gate file:  /data/gate.php
Config file:  /data/cf.bin

The Zeus binary was hosted at, as a “resume creator”
The download page warns that it needs .NET 2.0, so the skid is obviously using an HF crypter.
The same download page is on genhagroup but it’s missing the file.

Hosting info:

EDIT: lol
