
Malware Poses as a Symantec Virus Cleaner

  • Posted on: May 5, 2006
  • Threat category: Uncategorized
  • Author: Virus Analyst

We received reports of a malware URL being spammed via email. The content of the email looks like a legitimate Symantec web site offering a virus cleaner tool for w32.aplore@mm. However, the hyperlink for the supposed cleaner tool points to malicious software (http://westkoast.{blocked}.fr/norton/freevirusfix.exe).


We have forwarded this to the Service Team for detection and analysis. Stand by for updates; for the time being, a snapshot of the spammed email is provided. BTW, all other hyperlinks found in the spammed email are legitimate except for the said cleaner tool.






Update (JoneZ, 05 May 2006 10:00:25)


Initial analysis of the malware:



  • adds entries to the hosts file that route several antivirus sites and updates to incorrect IP addresses
  • has a keylogger feature
  • DDoS capability
  • remote command prompt via IRC
  • possible data destruction
  • can propagate via instant messenger
  • drops a text file in the root folder containing the text: “rBot owned you!”
  • displays a message box: “VMM32.VXD: Missing/Unable to Load”

BTW, this will be detected as WORM_RBOT.AHS.

