Hosted in the USA; also called Ramnit by other antiviruses.
What this malware does:
Capability to send out email message(s) with the built-in SMTP client engine.
Produces outbound traffic.
Communication with a remote SMTP server and sending out email.
Downloads/requests other files from Internet.
Compromises SafeBoot registry key(s) in an attempt to disable the Safe Mode.
Creates a startup registry entry.
The data identified by the following URLs was then requested from the remote web server:
http://mozilla.snt.utwente.nl/firefox/releases/9.0.1/win32/en-US/Firefox%20Setup%209.0.1.exe
http://96.9.139.213/stat2.php
http://96.9.139.213/stat1.php
Here is the panel:
http://96.9.139.213/ you have to find a way to gain access because it asks for a username and password lol
Hosting info:
http://whois.domaintools.com/96.9.139.213