(Citadel banking malware hosted by unitedcolo.de)

Gate file:  /.~/ineed/stats.php
Config file:  /.~/ineed/file.php

They forgot to remove the installation directory: hxxp://
Found on the same Betabot as the recently posted Pony loader.

Hosting info: http://whois.domaintools.com/


1 Comment

Anonymous - May 28, 2013 at 5:48 am

There's been a large jump in people using Citadel these days.
