Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

And here comes the Boston bombing spam

April 17th 2013 in Uncategorized

You don’t want to go there…

image

Screenshot of sample email

image

Network traffic at URL – there is YouTube content, but that’s not all – check out the other content being pulled from techpourri.com, and the highlighted EXE

image

image

Antivirus tests make it clear that something is not right with that exe, which during tests was seen to use an old MSN Butterfly logo – if I recall correctly they stopped using that logo back in late 2009.

image

So let’s just take a quick look at what the installer does:

image

(Note: tmp.exe is later deleted)

image

