New malware sightings
Incidents.org had an entry in the last couple of days on a malware infestation that was interesting and showed a couple of things. 1) You can't bet on antivirus to keep you safe: the initial installer was not detected by most AV vendors (it was flagged as suspicious by 1). If you think about it, this makes perfect sense, since antivirus is reactive and needs to have seen a bug once to recognize it again. 2) Malware, once in the system, can bring all its friends.
The initial malware was called extdrvr.exe and was apparently a spambot of some sort: when run, it would pull email addresses and a message body from a website (spm.freecj.com). Then it would download trojan downloaders, which would pull in more stuff, including a dialer, which pulled down ANOTHER downloader.
In an interesting competitive twist, the hosts file was modified to block access to various antivirus vendors, Microsoft, etc., but also to some well-known sites for distributing OTHER malware. (Was it Netsky and Bagle/Beagle that "fought" against each other?)
This system is definitely in line for a reinstall after this mess.
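A check for the hosts-file tampering described above, as an added example that is not from the Incidents.org write-up: it parses hosts-file text and reports any entry that maps a watched security or update domain to an address. The watchlist and the sample file contents are constructed for illustration.

```python
import ipaddress

# Assumed watchlist of domain suffixes to protect (constructed for illustration).
WATCHLIST = ("microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com")

# Constructed sample hosts file, not taken from the incident.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com symantec.com   # injected
0.0.0.0         windowsupdate.microsoft.com
10.0.0.5        intranet.example.local
127.0.0.1       ads.example.net
203.0.113.7     update.mcafee.com
"""

def on_watchlist(host, watchlist=WATCHLIST):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, address, reason) for each suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank line, comment, or address with no hostname
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address
        for host in entry[1:]:  # one line may carry several hostnames
            if not on_watchlist(host, watchlist):
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "blocked (points at the local machine)"
            else:
                reason = "redirected to another address"
            findings.append((line_no, host.lower(), str(addr), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a clean system normally has no entries for vendor or update domains, so any finding deserves a look.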