Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
    We have recently found a website that purportedly offers cracks for numerous applications, but in reality serves malicious files to its unknowing users.

    The website, hxxp://{BLOCKED}, is allegedly owned by an organization called China.United Telecom. Corp. It supposedly offers a wide collection of cracks for different applications. However, attempting to download any of these files always leads to the same page (Figure 2).


    Clicking the Download button downloads a .ZIP file into the user’s system. The .ZIP file contains two files, both of which are malicious:


    Trend Micro detects the files as TROJ_DLOADER.ZTN. TROJ_DLOADER.ZTN downloads TROJ_AGENT.INC and TROJ_DLOADR.AOP, which in turn connect to URLs to download more malicious files.

    The .ZIP file is actually hosted on another domain, hxxp://{BLOCKED}.

    Accessing the top domain where the .ZIP file is hosted leads to a landing page informing the user that the website is already suspended for violation of terms of service. However, it seems that directly linking to the file, regardless of the alleged suspension, ensures a successful download of any file hosted on the site.


    Apparently, the suspension did not stop cybercriminals from using the website’s directory as a malware repository for other attacks. Either that, or this might only be a guise used by criminals to hide the website’s real purpose. The Smart Protection Network, however, stops this threat from affecting users’ systems by blocking related malicious URLs and detecting malicious files.
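    The delivery pattern described above (a download page on one site handing out a .ZIP that is deep-linked on a different host the user never browses) can be hunted for in web proxy logs. The following is an added example, not code from the original post; the log format, host names and function names are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed proxy log (not from the original post). Fields, space-separated:
# time client url referer status. All hosts are placeholders.
SAMPLE_LOG = """\
10:01:02 10.0.0.5 http://cracks.example/index.html - 200
10:01:09 10.0.0.5 http://cracks.example/get.html http://cracks.example/index.html 200
10:01:15 10.0.0.5 http://files.example/dir/crack.zip http://cracks.example/get.html 200
10:03:40 10.0.0.8 http://vendor.example/downloads/ - 200
10:03:52 10.0.0.8 http://vendor.example/downloads/tool.zip http://vendor.example/downloads/ 200
10:05:11 10.0.0.9 http://files.example/ - 200
"""

def host(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlsplit(url).hostname or "").lower()

def is_archive(url):
    return urlsplit(url).path.lower().endswith(".zip")

def parse(line):
    time, client, url, referer, status = line.split()
    return {"time": time, "client": client, "url": url,
            "referer": None if referer == "-" else referer,
            "status": int(status)}

def flag_offsite_archives(log_text):
    """Return successful .ZIP downloads that were linked from a different
    host and whose client never browsed a page on the hosting site."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    # (client, host) pairs where the client requested a non-archive resource.
    browsed = {(r["client"], host(r["url"]))
               for r in records if not is_archive(r["url"])}
    hits = []
    for r in records:
        if r["status"] != 200 or not is_archive(r["url"]) or not r["referer"]:
            continue
        dl_host, ref_host = host(r["url"]), host(r["referer"])
        # Exact hostname comparison is a simplification; subdomains of one
        # site would count as different hosts here.
        if ref_host != dl_host and (r["client"], dl_host) not in browsed:
            hits.append({"time": r["time"], "client": r["client"],
                         "download_host": dl_host, "linked_from": ref_host})
    return hits

if __name__ == "__main__":
    for hit in flag_offsite_archives(SAMPLE_LOG):
        print(hit)
```

    Legitimate download mirrors and CDNs also match this pattern, so a hit is a triage lead to check against URL reputation and file detection, not a verdict.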



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice