Thursday, July 23, 2009

hosts Koobface files

For a few weeks now, Koobface's C&C has included a new command.


This small picture is 19.439 bytes in size (the bitmap itself is only 999 bytes). The command decrypts the extra data with the key (193854730d993dfgdfjkng345). This is the decrypt routine:

The malware is known as Trojan-PSW.Win32.LdPinch, a password stealer.
MD5: 4EB90BA3A88369A12DD48ED276778228

Edit: was contacted, the picture has been removed
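
The size mismatch noted above (a 19.439-byte file holding a 999-byte bitmap) is something a defender can check for automatically. The following is an added example, not code from the original post or from the malware: it assumes the picture is a BMP whose header declares its own size, and the function names, the entropy threshold and the sample input are all constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def bmp_overlay(data: bytes) -> bytes:
    """Return the bytes stored after the size declared in the BMP file header."""
    if len(data) < 14 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    # BITMAPFILEHEADER: bfSize, two reserved words, bfOffBits (little-endian)
    declared, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    if not 14 <= pixel_offset <= declared <= len(data):
        raise ValueError("inconsistent or truncated BMP header")
    return data[declared:]

def triage(data: bytes, min_entropy: float = 7.0) -> dict:
    """Flag images that carry high-entropy data past the end of the bitmap."""
    overlay = bmp_overlay(data)
    h = entropy(overlay)
    return {
        "file_size": len(data),
        "image_size": len(data) - len(overlay),
        "overlay_size": len(overlay),
        "overlay_entropy": round(h, 2),
        # Heuristic threshold (assumption): encrypted or compressed data sits near 8.0
        "suspicious": len(overlay) > 0 and h >= min_entropy,
    }

def constructed_sample() -> bytes:
    """Constructed input: a 999-byte BMP followed by filler, 19439 bytes in total."""
    image_size, total = 999, 19439
    header = b"BM" + struct.pack("<IHHI", image_size, 0, 0, 54)
    # Placeholder BITMAPINFOHEADER; only the sizes matter here, not rendering
    dib = struct.pack("<IiiHHIIiiII", 40, 21, 15, 1, 24, 0, image_size - 54, 2835, 2835, 0, 0)
    pixels = bytes(image_size - 54)
    # Deterministic high-entropy filler standing in for the appended encrypted data
    filler = b"".join(hashlib.sha256(struct.pack("<I", i)).digest() for i in range(577))
    return header + dib + pixels + filler[: total - image_size]

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

An overlay alone is not proof of malice, since some tools append metadata to images, so the result is best treated as a triage signal for images fetched by unexpected processes.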