Maximus rootkit downloads via MySpace social engineering trick.

Published: 2008-04-22
Last Updated: 2008-04-23 17:56:24 UTC
by Donald Smith (Version: 3)

A reader, GreggS, provided a link to a MySpace page with a specific friendid whose JavaScript pops up a transparent-background GIF on top of the normal user page. The GIF appears to be an Automatic Update of the Microsoft Malicious Software Removal Tool. This is likely to fool a fair number of people.

“Clicking anywhere on the page (on large css layer on top) and your browser initiates a download session from an ftp at and you are asked to download and/or run (no!) the file. The "Automatic Update" (not "Windows Update") dialog is simply a gif image.”

This appears to be a new version of Maximus.

VirusTotal results here:


Thanks to Ned, who pointed out that:

“"!Maximus" is the name of the heuristic detection engine for F-Prot (and hence Authentium) rather than the name of the rootkit.”
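The overlay described above (a large layer on top of the page whose click starts an FTP download) can be checked for in saved page markup. The scanner below is an added example, not code from the diary or from any product it mentions; the z-index threshold, extension list, inline-style-only matching and the `example.invalid` host are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
VOID = {"img", "br", "hr", "input", "meta", "link"}   # tags with no end tag
RISKY_EXT = (".exe", ".scr", ".com", ".bat", ".msi")  # assumed extension list

def is_overlay(style):
    """Positioned layer that covers the page or is stacked above it."""
    s = style.lower().replace(" ", "")
    if not re.search(r"position:(absolute|fixed)", s):
        return False
    z = re.search(r"z-index:(\d+)", s)
    covers = "width:100%" in s and "height:100%" in s
    return covers or (z is not None and int(z.group(1)) >= 100)  # assumed threshold

def is_download_link(url):
    p = urlparse(url.strip())
    return p.scheme.lower() == "ftp" or p.path.lower().endswith(RISKY_EXT)

class OverlayScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, is_overlay) for every open element
        self.findings = []  # hrefs of download links reachable through an overlay

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        overlay = is_overlay(a.get("style") or "")
        inside = overlay or any(o for _, o in self.stack)
        href = a.get("href")
        if tag == "a" and href and inside and is_download_link(href):
            self.findings.append(href)
        if tag not in VOID:
            self.stack.append((tag, overlay))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html):
    scanner = OverlayScanner()
    scanner.feed(html)
    return scanner.findings
# Constructed samples (placeholder host, not taken from the diary).
OVERLAY_PAGE = ('<body><div>profile</div><a href="ftp://files.example.invalid/update.exe" '
                'style="position:absolute; top:0; left:0; width:100%; height:100%; z-index:9999">'
                '<img src="dialog.gif"></a></body>')
PLAIN_PAGE = '<body><a href="ftp://files.example.invalid/readme.txt">mirror</a></body>'
```

Because the layer on the reported page is created by JavaScript, feed `scan()` the serialized DOM captured after scripts have run rather than the raw page source. Styles applied through stylesheets are not resolved by this heuristic.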
