Comments on XyliBox: Tracking Cyber Crime: Golden Ducat (AV Affil)

Steven K (2011-09-09T11:10:46.401+02:00):

erf mistake, thanks for the notice, I've not really looked into these files.
They are not distributed with Golden Ducat, I've just looked for malware on a similar IP range and got this.

ekse (2011-09-09T10:40:01.237+02:00):

Hi Steven,

Very interesting stuff again. The links at the end are not TDSS but Delf.QCZ/Trojan.Win32.Miner aka the Bitcoin mining botnet. I blogged about it a couple days ago http://blog.eset.com/2011/08/29/win32delf-qcz-additional-details. When you say those URLs were in the distribution system, do you mean on the Golden Ducat website or in one of the dropped files?

Thanks

Sébastien