


Websense Security Alert

October 2008 by Websense

Websense® Security Labs ThreatSeeker Network has discovered a new malicious spam lure that uses the threat of a virus to encourage users to download a malicious Trojan.

The email explains that by downloading the application linked within the email, users can protect themselves against a virus that spams messages to a user’s contacts. The email offers an update to Live Messenger Plus - this is actually a Trojan (md5: 5F1D2521F6949F8B71B9FF93C17A8BE2). Antivirus detection rate is low.

The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to A browser then opens pointing to this site. The downloader first contacts hxxp://*snip*, and then hxxp://*snip*, adding the two files to the root of C:

A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware. Details on other malicious applications targeting this security software can be found in our previous blog on G-Buster Browser Defence. The malware then goes on to conduct information-stealing activities.
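The host indicators named in this alert (the published MD5, the downloader name dsc.scr, and autoexec.bat changes aimed at GBPlugin) can be checked on a suspect machine with a short triage script. The following is an added example, not Websense code; the function names, the constructed sample directory, and the assumption that tampering lines in autoexec.bat mention GBPlugin by name are illustrative, and the two dropped files are not checked by name because the alert does not give their names.

```python
import hashlib
import tempfile
from pathlib import Path

ALERT_MD5 = "5f1d2521f6949f8b71b9ff93c17a8be2"  # MD5 published in the alert
DOWNLOADER_NAME = "dsc.scr"                     # downloader name from the alert
TAMPER_KEYWORD = "gbplugin"  # assumption: tampering lines name the plug-in


def md5_of(path: Path) -> str:
    """Stream the file through MD5 (used only to match the published hash)."""
    digest = hashlib.md5(usedforsecurity=False)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(directory: Path) -> list[tuple[str, str]]:
    """Return (indicator, detail) findings for files directly in directory."""
    findings = []
    for entry in sorted(directory.iterdir()):
        try:
            if not entry.is_file():
                continue
            name = entry.name.lower()
            if name == DOWNLOADER_NAME:
                findings.append(("downloader-name", entry.name))
            if md5_of(entry) == ALERT_MD5:
                findings.append(("md5-match", entry.name))
            if name == "autoexec.bat":
                lines = entry.read_text(errors="replace").splitlines()
                for number, line in enumerate(lines, 1):
                    if TAMPER_KEYWORD in line.lower():
                        findings.append(("autoexec-gbplugin", f"line {number}: {line.strip()}"))
        except OSError:
            findings.append(("unreadable", entry.name))  # locked or no access
    return findings


def demo() -> list[tuple[str, str]]:
    """Run the triage over a constructed directory standing in for the root of C:."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dsc.scr").write_bytes(b"constructed placeholder, not malware")
        (root / "AUTOEXEC.BAT").write_text("@echo off\nrem constructed line naming GBPlugin\n")
        (root / "notes.txt").write_text("benign\n")
        return triage(root)
```

A name or autoexec.bat hit is only a lead for further inspection; a hash match is the strong indicator, though a repacked sample would no longer match it.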
