
Trojan Win32 Reveton

[root@heretyghyuiiiojk www]#

What a cool hostname.

"v" is GeoLiteCity.dat mixed with some PHP. images.rar is a payload downloaded by Reveton (cf. here).

The SQL database has 4 tables: `balances`, `content`, `geoip_isp`, `stat_ips`

Just the basics: a landing for the Italian ransom, and traces of a German landing. Code comments and variable names are in English.

Looking at the source code of the pages, I've seen that "shared.php" is used as the panel, with GET requests only.

DB content:

Codes:

There is also a feature to erase vouchers.