A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to *.coconia.net *.by.ru *.kazan.bz *.t35.com *.freecoolsite.com *.nm.ru until the AV