Last Updated: 2008-04-23 17:56:24 UTC
by donald smith (Version: 3)
A reader, GreggS, provided a link to a myspace page with a specific friendid that has java script that popsup a transparent background gif on top of the normal user page. The transparent background gif appears to be a Automatic Update of the Microsoft Malicious Software Removal Tool. This is likely to fool a fair amount of people.
“Clicking anywhere on the page (on large css layer on top) and your
browser initiates a download session from an ftp at
microsofpsupports.cn and you are asked to download and/or run (no!)
The "Automatic Update" (not "Windows Update") dialog is simply a gif image.
This appears to be a new version of Maximus
Virustotal results here:
Thanks to Ned who pointed out that
"!Maximus" is the name of the heuristic detection engine for F-Prot (and hence Authentium) rather than the name of the rootkit."