Chinese VM Detection, With a Splash of Adware
Here's a nice find - a file that searches for a Virtual PC by means of a Registry check. If the Virtual Machine is detected, the install comes to a halt. If you're on a real computer, however, you'll find numerous files downloaded and installed onto your PC. Along with the usual Trojans, there's something called CPush.

This is a Browser Helper Object related to Sogou, also from China.
There are numerous other websites mentioned in files, install logs and executables - as usual, they vary from blank pages to game websites.
Finally, some of the files make reference to a well-known IRC Server used for Botnet activity - though we didn't see any live Botnet action while testing the files, there's nothing to say they couldn't install additional Bot components sometime after the initial hijack. We did find a Login page on one of the related sites, but that proves nothing - it could just as easily be an Admin Panel as it could be a Command and Control Center.
What's interesting here is that it seems to share some similarities with this Worm. They both seem to have emerged at the same time - I'd love to know which one came first, though I'd prefer it if they hadn't emerged at all...
Research and Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: FSL Threat Research Team, WV
