While reviewing recent reports scanned by ZULU, we came across a malicious report that drew our attention. It was notable because the final redirection downloaded ZIP content by accessing a PHP file on the domain 'www.stisanic.com'.
More here: http://research.zscaler.com/2014/05/backdoor-xtrat-continues-to-evade.html?spref=tw