Embarrasing…. and a big pain in the neck for any of their visitors… It seems as though if you’ve visited Circuit City’s Support Forum with an unpatched Internet Explorer, you likely have a trojan/backdoor of some sort on your pc. (Assuming Explorer hasn’t been patched since January. In reality – if you haven’t updated explorer […]
There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that’s dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, […]
There is a company (well, unfortunately, WAS a company) called Blue Security. They had an innovative approach to stopping spam. A small download essentially sent opt-out return emails that were junk back to the REAL spam sender (clever concept huh? bouncing to the person that REALLY sent the message… Of course what was clever here […]
Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the dns record so that they can get traffic to {fillinkeyword}.nastydomain.com) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the […]
Can I say enough times that after a bad trojan infestation you should format and reinstall? I’ve cleaned up the infested image that I “sacrificed” to the WMF exploit and as I’ve said you’re pestware install will likely be somewhat different. An exploit is just the road, the spyware and viruses are the cars. Once […]
So, I’ve got most of the baddies cleaned out and I’m not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in particular) that could be legitimate windows file names. Am I running the good one, or the trojan? That […]
There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. Send article as PDF
Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network. (There is no network card […]
There is a trojan making the rounds that is acquired by clicking on links in an email. That’s not necessarily new, however…. this email represents itself as an authentic-looking Microsoft security bulletin and the links are supposedly to updates (sorted by Windows version.) It’s important to point out that Microsoft does not send registered users […]
Incidents.org has a note on a recently noted trojan.spaxe.exe, that when on a system will mimic the windows notification dialogue “bubble” near the system tray with the following text. “Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and […]
Bookmark this site now by pressing Ctrl+D
