This install service was running since a long time but the server recently died.
People targeted are from Russia, Ukraine, Belarus, Kazakhstan, and Uzbekistan.
Statistics by days:
Statistics by countries:
Statistics by version:
Statistics by time:
Statistics by tasks:
Statistics by sites:
Statistics by ads:
Loader, users list:
There is some interesting people in this listing:
Severa (Know for FakeAV, Spam)
Malwox Affiliate (Mayachok.1)
Feodal cash Affiliate (Bitcoin malware)
And if you want to know about the EXE files loaded... all are malwares (Zeus,SpyEye, Russian lockers, Spam bots, Mayachok... etc..)
The x64 Zbot covered by Kaspersky also come from here.
The executables was rotating and was refreshed constantly, from this system, around 400 samples can be pulled per day.
Download statistics for client 191 ( Malwox TEST ):
Schedule for user:
For the FTP list, most of accounts were with shell on them.
From the source:
Begun is one of the biggest ads services in Russia.