The emails we received pointed to URLs like:
http://turismoaq.it/e-card.exe
http://pieralbrechtdr.com/e-card.exe
http://faunarium.net/e-card.exe
http://independenceinstrument.com/
Detection of the most recent version of the malware is horrible! At this timestamp, as illustrated by the current Virus Total Results, only 10 of 34 anti-virus engines can detect the product. I'm writing this at home where I run McAfee Security Center on my Vista Ultima machine. With a "just refreshed" version of the anti-virus, it still doesn't detect the 'e-cards.exe' that I just fetched from faunarium.net.
What does the virus do?
It starts out by creating a few files in the currently logged in users Temp folder, including:
dimarik_1.exe
inst2_294.exe
scan.exe
After a bit, a strange pattern emerges. Scanned files are being sent out to the Internet! I won't list the IP here (its been shared with law enforcement), but logs publicly viewable on the server's webpages indicated that thousands upon thousands of infected computers are sending files from themselves to this collection point. Logging one line per received file, there are days where this server has received more than 10 MB of log entries! Today so far, not quite 2 MB of log entries indicated 24,000 files retrieved.
No comments:
Post a Comment
Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.