Techol - Latest Tips, Tricks, News and Productive Hacks


Following Michael Jackson’s sudden death, a malicious campaign exploiting the news is under way. It is disheartening that cybercriminals so often rely on the most unfortunate events to further their own agendas.

According to the Websense Security Labs ThreatSeeker Network, cybercriminals are sending spam emails that claim to offer links to YouTube videos of Michael Jackson.

In reality, the link sends the recipient to a Trojan downloader hosted on a malicious website.

The Malicious Website

  • The file offered is called Michael.Jackson.videos.scr.
  • This file is located on a legitimate Website hosted in Australia belonging to a radio broadcasting station.
  • Upon executing the file, a legitimate Website at http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened by the default browser in order to distract the user by presenting a news article for them to read.

What does it do?

  • It downloads and installs three information-stealing components on the victim’s PC. Websense Security Labs says that one of the downloaded files is called michael.gif, which has low AV detection rates.
  • The malware then installs a malicious BHO (Browser Helper Object) that is registered with the file %windir%\Dynamic.dll and the GUID {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}.
  • Another component is set to run at startup from %windir%\system32\kproces.exe.
  • Another malicious file installed by the malware is %windir%\system32\fotos.exe.
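The indicators listed above can be checked against data collected from a host. The following Python sketch is an added example, not code from this post or from Websense: it assumes you have the text of a `reg export` of the Browser Helper Objects key and a file listing from the machine, and the function names and sample input are constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the list above.
BHO_GUID = "{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}"
IOC_PATHS = [r"%windir%\Dynamic.dll",
             r"%windir%\system32\kproces.exe",
             r"%windir%\system32\fotos.exe"]
# Registry key under which Internet Explorer BHOs are registered.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# Constructed sample input (not real host data): mixed case and mixed slashes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
"""
SAMPLE_FILES = [r"C:\WINDOWS\System32\KPROCES.EXE",
                r"C:\Windows\system32\notepad.exe",
                r"C:/Windows/dynamic.dll"]

def norm(path, windir=r"C:\Windows"):
    """Expand %windir% and normalise case and separators for comparison."""
    path = re.sub(r"%windir%", lambda m: windir, path, flags=re.I)
    return ntpath.normcase(ntpath.normpath(path))

def bho_guids(reg_export):
    """Return the CLSIDs registered as BHOs in the text of a reg export."""
    pat = re.compile(r"^\[" + re.escape(BHO_KEY) +
                     r"\\(\{[0-9A-F-]{36}\})\]\s*$", re.I | re.M)
    return {guid.upper() for guid in pat.findall(reg_export)}

def triage(reg_export, file_listing, windir=r"C:\Windows"):
    """Return the indicators from the post that are present on one host."""
    findings = []
    if BHO_GUID in bho_guids(reg_export):
        findings.append("BHO " + BHO_GUID)
    present = {norm(p, windir) for p in file_listing}
    for ioc in IOC_PATHS:
        if norm(ioc, windir) in present:
            findings.append("file " + ioc)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

Windows paths and registry GUIDs are case-insensitive, so both are normalised before comparison; a plain string match would miss the constructed `KPROCES.EXE` and lowercase GUID entries.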

So be careful while you watch MJ videos! Ironically, now is not the right time.
