another campaign that uses several exploits in an attempt to drive-by-download
other malware on vulnerable systems, similar to Trojan.Exploit.SSX. This time, Trojan.Delf.POH is the
payload. Trojan.Delf.POH monitors your browsing habits and sends the
information back to its servers to produce targeted pop-up advertisements.
- iframes which lead to different versions of
the Flash Player exploit
- exploit for SSReader consisting of a buffer overflow vulnerability in the
of an ActiveX control
exploits give the attacker the possibility to download and execute arbitrary
code on the affected machine (Trojan.Delf.POH)
e-threat is probably received via spam email as an attachment under the name
skype.exe. After execution, the file drops and runs three files and
displays an error message to make the user believe the file was invalid.
(detected: Trojan.VB.NXI)
(detected: Trojan.Rensom.B)
and uninstlv16.exe spread the original malware infection to all available
removable disks. It copies the malware with the name “Skype.exe” and
creates an “autorun.inf” in order for the file to be executed when the
removable disk is plugged into another computer.
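
A defensive check for the removable-disk spreading described above, as an added example that is not part of the original article: it parses an autorun.inf and reports entries that would launch an executable stored on the same volume. The sample file contents, function names and extension list are constructed for illustration.

```python
import ntpath

# Keys in the [autorun] section that start a program (assumed watch list).
LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")

# Constructed samples, not taken from the malware described above.
DROPPED_SAMPLE = ("[AutoRun]\n;padding\nopen=Skype.exe\n"
                  "shell\\open\\command=\"Skype.exe\" -x\nicon=folder.ico\n")
BENIGN_SAMPLE = "[autorun]\nicon=setup.ico\nlabel=Backup Disk\n"


def launch_commands(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate padding lines that are not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                  and key.endswith("\\command")):
            found.append((key, value))
    return found


def program_name(command):
    """Extract the lower-cased file name of the program in a launch command."""
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(None, 1)[0] if command else ""
    return ntpath.basename(program).lower()


def suspicious_entries(text, volume_files):
    """List launch entries that run an executable present on the same volume."""
    present = {name.lower() for name in volume_files}
    hits = []
    for key, command in launch_commands(text):
        name = program_name(command)
        if name.endswith(EXECUTABLE_EXTS) and name in present:
            hits.append((key, name))
    return hits
```

Call `suspicious_entries` with the text of a drive's autorun.inf and the list of file names in the drive's root; an empty list means no launch entry points at an executable on that volume.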
will encrypt almost all the files on your hard drive (except the critical
system files). Meanwhile it will display a ransom note, asking the user to pay
a small fee in order to recover his files.
in this article is available courtesy of BitDefender virus researchers: Daniel
Chipiristeanu, Adrian Stefan Popescu