New malware sightings
Incidents.org had an entry in the last couple of days on a malware infestation that was interesting and showed a couple of things. 1) You can’t bet on antivirus to keep you safe: the initial installer was not detected by most AV vendors, and was flagged only as “suspicious” by one. (If you think about it, this makes perfect sense: antivirus is reactionary and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all its friends.


The initial malware was called extdrvr.exe and was apparently a spambot of some sort (when run, it would pull email addresses and a message body from a website, spm.freecj.com). Then it would download trojan downloaders, which would pull in more stuff, including a dialer, which pulled down ANOTHER downloader.

In an interesting competitive twist, the hosts file was modified to block access to various antivirus vendors, Microsoft, etc., but also to some well-known sites for distributing OTHER malware. (Was it Netsky and Bagle/Beagle that “fought” against each other?)
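One way a defender can spot this kind of hosts-file tampering is to flag entries that point security-vendor or update domains at a sinkhole address. The script below is an added example, not from the original post or the Incidents.org write-up; the watched-domain list and the sample hosts content are constructed for illustration.

```python
import ipaddress
import re

# Constructed watchlist: domains whose sinkholing suggests AV/update blocking.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "symantec.com",
    "mcafee.com", "kaspersky.com", "sophos.com", "trendmicro.com",
)


def _is_sinkhole(addr: str) -> bool:
    """True if addr makes a name resolve nowhere useful (loopback, 0.0.0.0, link-local)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def parse_hosts(text: str):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        addr, names = parts[0], parts[1:]
        for name in names:
            yield addr, name.lower()


def find_sinkholed(text: str):
    """Return (address, hostname) entries that sinkhole a watched domain."""
    hits = []
    for addr, name in parse_hosts(text):
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if watched and _is_sinkhole(addr):
            hits.append((addr, name))
    return hits


# Constructed sample hosts file: two vendor domains and an update host sinkholed.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.symantec.com
127.0.0.1   liveupdate.symantec.com
0.0.0.0     download.windowsupdate.com
192.0.2.10  intranet.example    # legitimate internal entry
"""

if __name__ == "__main__":
    for addr, name in find_sinkholed(SAMPLE_HOSTS):
        print(f"suspicious: {name} -> {addr}")
```

On a real machine, read the text from /etc/hosts or %SystemRoot%\System32\drivers\etc\hosts and feed it to find_sinkholed.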

This system is definitely in line for a reinstall after this mess.
