|
Posted by David H. Lipman on August 12, 2006, 7:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
I don't know how many of you know about this one.
I have been seeing a rise in a new way to get you infected with malware. It
actually isn't
too new. It is almost two years old. However its use is rising and may become
more
prevalent in the coming months.
Here's the deal.
I am seeing new Social Engineering posts in the alt.binaries.* News Groups.
Instead of directly attaching malware, these posts are exploiting the Windows
Media Player
DRM.
Being posted are WMV files and when you play the WMV files you have to agree to
a EULA and
when you click on "Play Now" it will download SETUP.EXE from
static.zangocash.com the EXE
is a malware installer for Zango/180Solutions.
The SETUP.EXE file is fairly well recognized such as;
Ewido: Adware.180Solutions and
Kaspersky: not-a-virus:AdWare.Win32.180Solutions.as
The WMVs are not so well recognized but here is a sampling...
AntiVir -- EXP/WMV.A.1 , EXP/WMV.A.2
AVG -- Downloader.Wimad.B
BitDefender -- Trojan.Wimad.A
Ewido -- Downloader.Wimad.h
Fortinet -- W32/WIMAD.C!tr
Ikarus -- Trojan-Downloader.WMA.Wimad.h
Kaspersky -- Trojan-Downloader.WMA.Wimad.h
UNA -- TrojanDownloader.WMA.Wimad.D7FF
Some of these WMVs are too large to submit as their sizes surpass the maximum
submission
size set by the anti malware vendors.
{ I originally Cross-Posted this to microsoft.public.security.virus but the News
Server
filters blocked the original post. I am reposting this for those who just read
the MS News
Server }
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
| 
XML site map