"The malware to be downloaded by Pushdo depends on the value following the "s-underscore" part of the URL. The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This enables the Pushdo author to limit distribution of any one of the malware loads from infecting users located in a particular country, or provides the ability to target a specific country or countries with a specific payload."
Talkely.com (18.104.22.168) is also responding to arenatalk.net and worldtalk.net. There's also another bogus message next to the one mentioned in the SecureWorks analysis: "Under Construction Try google".