New malware sightings



Incidents.org had an interesting entry in the last couple of days on a malware infestation that showed a couple of things. 1) You can’t bet on antivirus to keep you safe: the initial installer was not detected by most AV vendors, and was flagged as suspicious by one. (If you think about it, this makes perfect sense: antivirus is reactive and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all its friends.


The initial malware was called extdrvr.exe and was apparently a spambot of some sort: when run, it would pull email addresses and a message body from a website (spm.freecj.com). Then it would download trojan downloaders, which would pull in more stuff, including a dialer, which pulled down ANOTHER downloader.

In an interesting competitive twist, the hosts file was modified to block access to various antivirus vendors, Microsoft, etc., but also to some well-known sites for distributing OTHER malware. (Was it Netsky and Bagle/Beagle that “fought” against each other?)

This system is definitely in line for a reinstall after this mess.
