
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-01-12 InfoSec Handlers Diary Blog



YaY popup

Published: 2007-01-12
Last Updated: 2007-01-12 04:36:44 UTC
by Swa Frantzen (Version: 2)
We're seeing an outbreak of some malware causing pop-ups. It's possibly caused by a file USB.EXE; we're not sure if this is the only name used.

This new beastie is rather obnoxious: it seems to overwrite system binaries such as system tray tools, anti-virus software, instant messaging software, ... It also seems to hijack Internet Explorer and might be calling home that way.
We're currently seeking more information regarding the initial infection vector, so if you have anything to share on how the thing started (Email, IM, web, ...) and have some pointers there, we'd be much obliged.

USB.EXE:
MD5:  562eacac46c54b273b42e8b8d89f2782
SHA1: 31dc9ce30a2ddd9dc2c080835f29c0482937f4f6