Overview
We have analyzed the Disco Savings malware in order to identify it's internals and posted a whitepaper, so you should check it for all the details regarding the analysis process. We have posted a number of malicious JavaScript files used by Disco Savings adware in our malware-samples Github repository in disco-savings folder.
We have identified the malware was using different URLs based on the originating country of where the infection was coming from. Mainly, the following countries were specifically targeted:
- United States
- Germany
- United Kingdom
- Mexico
- India
- Colombia
- Spain
- Chile
- Belgium
- Canada
- Australia
- France
- Austria
- Switzerland
- Poland
- Russia
- Brazil
- Netherlands
- Italy
- Argentina
If you're interested in the internals of the malware as well as the actual malicious files, you can read the whitepaper.
Comments