Searching for some free templates at google may bring you nasty things you wont have:
http://www.google.com/search?hl=en&q=kostenlose+vorlagen&btnG=Google+Search
Have a look at the first advertising link "Kostenlos-Vorlagen.info"
All files there (all the same) are detected as:
AntiVir 7.4.0.39 07.07.2007 TR/Spy.BZub.JD.1
F-Secure 6.70.13260.0 07.07.2007 W32/Malware
Ikarus T3.1.1.8 07.07.2007 Trojan-Spy.Win32.Goldun.lw
Kaspersky 4.0.2.24 07.07.2007 Trojan-Spy.Win32.BZub.jd
Microsoft 1.2704 07.07.2007 TrojanDropper:Win32/Small.OT
Norman 5.80.02 07.06.2007 W32/Malware
Sophos 4.19.0 07.06.2007 Mal/Binder-C
Webwasher-Gateway 6.0.1 07.07.2007 Trojan.Spy.BZub.JD.1
After executing, the malware drops a file named:
C:\WINDOWS\System32\ipv6monl.dll
It hooks as a BHO under CLSID:
HKEY_CLASSES_ROOT\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}
\InprocServer32
To do so it looks for activated Brwoser extensions:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Enable Browser Extensions" = yes
It also ensure that the IE could bypass Windows Firewall:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess
\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
\List "C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program
Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
The Keylogger function checks for banking logins end if recognized it logs this information and send it to a server.
Tuesday, July 17, 2007
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment