Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Historical OSINT - FTLog Worm Spreading Across Fotolog

Saturday, December 24, 2016

Historical OSINT - FTLog Worm Spreading Across Fotolog

In a cybercrime ecosystem dominated by fraudulent propositions, cybercriminals continue actively populating their botnets' infected population, further spreading malicious software and compromising the confidentiality, integrity and availability of the affected hosts with a multitude of malicious software, while earning fraudulent revenue by monetizing access to the malware-infected hosts, largely relying on a set of tactics, techniques and procedures centered on an affiliate-based monetization scheme.

We've recently intercepted a currently circulating malicious spam campaign targeting the popular social network Fotolog, successfully enticing socially engineered users into interacting with malicious links, while monetizing access to the malware-infected hosts largely through an affiliate-based monetization scheme.

In this post we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in-depth the tactics, techniques and procedures of the cybercriminals behind it.


Sample URL redirection chain:
hxxp://bit.ly/cBTsWo
        - hxxp://zwap.to/001mk
            - hxxp://www.cepsaltda.cl/uc/red.php?u=1 - 216.155.72.44
                - hxxp://supatds.cn/go.php?sid=1 - 92.241.164.1
                    - hxxp://www.cepsaltda.cl/uc/rcodec.php
                        - hxxp://cepsaltda.cl/uc/codec/divxcodec.exe
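
As an added example (not part of the original post), the Python below takes the defanged chain above as sample input, labels each hop by its role (shortener, TDS, plain redirector, dropper) and derives the chain-level indicators a defender wants from such a chain: the final payload, the hosts to block, and whether the compromised site is reused on both sides of the TDS hop. The shortener list and the executable extensions are assumptions.

```python
import re
from urllib.parse import urlparse
# Sample input: the redirection chain listed in the post, kept in its defanged "hxxp" form.
CHAIN = [
    "hxxp://bit.ly/cBTsWo",
    "hxxp://zwap.to/001mk",
    "hxxp://www.cepsaltda.cl/uc/red.php?u=1",
    "hxxp://supatds.cn/go.php?sid=1",
    "hxxp://www.cepsaltda.cl/uc/rcodec.php",
    "hxxp://cepsaltda.cl/uc/codec/divxcodec.exe",
]
SHORTENERS = {"bit.ly", "zwap.to"}         # assumed list of known URL shorteners
EXECUTABLE_EXT = (".exe", ".scr", ".pif")  # assumed set of dropper extensions

def refang(url):
    """Turn defanged hxxp:// back into http:// so urlparse can handle it."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)

def host_of(url):
    """Hostname with a leading 'www.' stripped, so www.x.cl and x.cl compare equal."""
    host = (urlparse(refang(url)).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify_hop(url):
    """Label one hop: shortener, dropper (executable), tds (go.php?sid=) or plain redirector."""
    parsed = urlparse(refang(url))
    if host_of(url) in SHORTENERS:
        return "shortener"
    if parsed.path.lower().endswith(EXECUTABLE_EXT):
        return "dropper"
    if parsed.path.endswith("/go.php") and "sid=" in parsed.query:
        return "tds"
    return "redirector"

def analyze_chain(chain):
    """Per-hop roles, final payload, hosts to block and chain-level flags for one chain."""
    roles = [classify_hop(u) for u in chain]
    hosts = [host_of(u) for u in chain]
    flags = []
    if roles[0] == "shortener":
        flags.append("starts-with-shortener")
    if "tds" in roles and roles[-1] == "dropper":
        flags.append("tds-then-dropper")
    if roles[-1] == "dropper" and "codec" in chain[-1].lower():
        flags.append("fake-codec-lure")
    if "tds" in roles:  # same host before and after the TDS: compromised site reused as dropper
        t = roles.index("tds")
        if set(hosts[:t]) & set(hosts[t + 1:]):
            flags.append("compromised-host-reused")
    return {"roles": roles, "payload": chain[-1], "block_hosts": sorted(set(hosts)), "flags": flags}
```

The `block_hosts` list is what you would feed a proxy or DNS blocklist; the flags are the chain-level pattern (shortener into TDS into fake-codec executable) worth alerting on in proxy logs regardless of the specific hosts.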

Sample detection rate for a sample malicious executable:
MD5: c6dbc58e0db3c597c4ab562ad9710a38

We'll continue monitoring the campaign and post updates as soon as new developments take place.