
Quick Launch toolbar spyware

Published: 2003-05-12
Last Updated: 2003-05-12 13:10:38 UTC
by Handlers (Version: 1)

We received a few reports of e-mails advertising the 'quick launch' spyware as
an antivirus tool. A typical e-mail reads:

--------------------------------------------------------------------------------

Subject: Windows Update Notification

WINDOWS SECURITY WARNING!!

A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. IN ORDER FOR YOUR COMPUTER NOT

TO CRASH YOU WILL NEED TO GO TO:

HTTP://WWW.WINDOWSUPDATENOW.COM

AND IT WILL AUTOMATICALLY UPDATE YOUR COMPUTERS SECURITY PATCHES.

SIMPLY TYPE IN HTTP://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER. OTHERWISE

YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY

---------------------------------------------------------------------------------
Note the use of a 'plausible' domain name: windowsupdatenow.com

This domain does not belong to Microsoft:

( This Domain is For Sale )
Joshuathan Investments, Inc.
62 Cleghorn Street
Belize City, Belize none
US

Domain Name: WINDOWSUPDATENOW.COM

Administrative Contact -
This Domain Is For Sale - joshuathaninvest@aol.com
( This Domain is For Sale ) Joshuathan Investments, Inc.
62 Cleghorn Street
Belize City, Belize none
US
Phone - 501-2-31244
Fax - 501-2-34222

Technical Contact -
This Domain Is For Sale - joshuathaninvest@aol.com
( This Domain is For Sale ) Joshuathan Investments, Inc.
62 Cleghorn Street
Belize City, Belize none
US
Phone - 501-2-31244
Fax - 501-2-34222

Once you visit this page, it redirects you to another
URL (http://www.quicklaunch.com/perl/detection.pl).

That URL attempts to install the
quicklaunch toolbar ( http://download.quicklaunch.com/quicklaunch154.cab ),
a known spyware program.

Removal instructions are available here:
http://www.doxdesk.com/parasite/BrowserAid.html
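
The 'plausible' domain name noted above can be checked mechanically in a mail filter. The following Python is an added example, not part of the original diary: it pulls URLs out of a message body and flags hosts that embed a brand token but are not under an allowlisted vendor domain. The allowlist, the token list and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of the vendor's own domains, not exhaustive.
VENDOR_DOMAINS = {"microsoft.com", "windowsupdate.com"}
# Assumption: brand tokens a lookalike host is likely to embed.
BRAND_TOKENS = ("windowsupdate", "microsoft")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample: lines from the e-mail quoted in the diary plus one
# constructed line pointing at a Microsoft host.
SAMPLE_BODY = """WINDOWS SECURITY WARNING!!
YOU WILL NEED TO GO TO:
HTTP://WWW.WINDOWSUPDATENOW.COM
SIMPLY TYPE IN HTTP://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER.
(constructed line) Real updates: http://windowsupdate.microsoft.com/
"""


def registrable_domain(host):
    """Naive last-two-labels domain; fine for .com, wrong for suffixes like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def extract_hosts(body):
    """Lowercased hosts of all http(s) URLs in the body, first-seen order, no repeats."""
    hosts = []
    for match in URL_RE.finditer(body):
        host = urlsplit(match.group(0).rstrip(".,;:")).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def lookalike_hosts(body):
    """Hosts that embed a brand token but are not under an allowlisted vendor domain."""
    flagged = []
    for host in extract_hosts(body):
        if registrable_domain(host) in VENDOR_DOMAINS:
            continue
        squashed = host.replace("-", "").replace(".", "")  # ignore separators
        if any(token in squashed for token in BRAND_TOKENS):
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    for host in lookalike_hosts(SAMPLE_BODY):
        print("lookalike host:", host)
```

A production filter would replace the two-label heuristic with a public-suffix lookup so that country-code suffixes are handled correctly.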