We came across a website that looks like a legitimate Microsoft site but hosts a Trojan. The links and images are mirrored from the original Microsoft page, except for the “download” button.
The “download” button points to an executable file, explorer-fix-3435.exe, which is a Trojan. The file is currently being processed by the service team. Do hold on for updates.
Update (JoneZ, 11 November 2005 16:51:05)
The file is to be detected as BDKR_SPYDOOR.A.
Below are some strings found in one of the files that this malware drops:
“We are the master of desaster!
Rennemy Crew, Australia”