New malware sightings



Incidents.org had an entry in the last couple days on a malware infestation that was interesting and showed a couple things. 1) You can’t bet on antivirus to keep you safe (the initial installer was not detected by most AV vendors – suspicious by 1.) (If you think about it, this makes perfect sense – antivirus is reactionary and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all their friends.


The initial malware was called extdrvr.exe and was apparently a spambot of somesort (when run it would pull email addresses and message body from a website. (spm.freecj.com) Then it would download trojan downloaders, which would pull in more stuff, including a dialer, which pulled down ANOTHER downloader.

In an interesting competitive twist, the host file was modified to block access to various antivirus vendors, Microsoft ,etc… but also some well known sites for distributing OTHER malware. (Was it Netsky and bagle/beagle that “fought” against each other ?)

This system is definitely in line for a reinstall after this mess.

Related Posts

Blog Traffic Exchange Related Posts
  • CDROM drives with yellow exclamation point in Windows XP I ran into something I hadn't yet seen firsthand today. A PC (running Windows XP home) with 2 optical drives (CD-RW and DVD drive). However, neither cd drive showed up in My Computer and both of them had a yellow exclamation point in the device manager listing. Of course, two......
  • Keeping the new PC spyware free Spyware Confidential has the top 10 tips to keep that new pc spyware free. Some good tips here and these should be on the checklist when setting up a new pc any time of the year... Paraphrased here.... Update windows immediately, setup automatic updates and enable windows firewall (unless other......
  • Disinfecting a PC… part 10 Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And spybot get's updated from the internet and re-runs. All looks......
Blog Traffic Exchange Related Websites
  • Bitdefender VS Malwarebytes In a recent lab test, we decided to see what software is better at finding Malware.  On a machine running Bitdefender we decided to install and run Malwarebytes to see if it would pick up anything.  And it did.  Bitdefender has been sitting on: Trojan.Downloader Trojan.FakeAlert Disable.SecurityCenter Malwarebytes picked up......
  • Outlook Secure Temporary File Folder Symptom - can't open attachments to emails. This is one of the things about Micrsoft that will eventually push me over the edge. A few months back, my CFO called me in to his office saying he couldn't open attachments from an email in Excel.  I poked around a bit,......
  • Trojan Horse Protection - Antivirus Trojan Software In today’s online environment it’s important to know what risks lie ahead at each click. This paper will describe so of the malicious kinds of attacks your Home/Office PC may encounter online. Now I’m sure we have all heard of Viruses online and some of you have heard of Trojans.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site