We have received information from one of our readers that the zip file he received contained a multiple exploit-kit downloader. He indicated that there are over 120,000 successful downloads of the exe file. They have discovered that the file appears to be hosted at IP address 173. 204. 119 . 122 and is consistently being updated with new binaries. The downloader appears to grab a few files with random file names and has been observed connecting to imagehut4 .cn, allxt .com, hitinto .com. … All files appear to run fully under Windows VMware and are resistant to detection by many of the common threat programs.
These domains will be added in the next update, but you shouldn’t wait.