This entry was posted on Wednesday, January 27th, 2010 at 1:58 pm.
A client of mine started getting warnings from Trend Worry Free on 2/4/10 about trying to get to that IP.
I’ve thrown most everything I know of at this and haven’t found the cause. Any recommendations on how to get rid of the cause of this!?
feetsdr@gmail.com
I didn’t have a chance to dig into this piece of malware. It appears to be the normal fake antivirus stuff – which normally comes in via phishing or XSS off websites. That is – users running random executables.
To detect it, just look for weird DNS entries for Microsoft or HTTP GETs going to non-MS IPs with MS hostnames.
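
The check suggested in the reply above, written out as an added example (it is not part of the original post or its comments): it flags hosts-file entries that pin Microsoft names to unexpected IPs, and HTTP GETs that carry a Microsoft hostname but go to an unexpected destination. The domain suffixes, the trusted network (a documentation range used as a placeholder), the proxy log layout and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions: watched suffixes; 198.51.100.0/24 is a placeholder allowlist.
MS_SUFFIXES = ("microsoft.com", "windowsupdate.com")
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample data (not taken from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
203.0.113.45 www.microsoft.com update.microsoft.com  # constructed entry
"""
SAMPLE_PROXY = [
    "10.0.0.12 203.0.113.45 GET download.microsoft.com:80 /update.exe",
    "10.0.0.12 198.51.100.7 GET www.microsoft.com /en-us/",
    "10.0.0.15 203.0.113.45 GET microsoft.com.example.net /index.html",
]

def is_ms_host(name):
    """True for a watched domain or any subdomain of it (port ignored)."""
    name = name.lower().split(":")[0].rstrip(".")
    return any(name == s or name.endswith("." + s) for s in MS_SUFFIXES)

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def suspicious_hosts_entries(hosts_text):
    """Hosts-file entries pinning a Microsoft name to an untrusted IP."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            ip, names = fields[0], fields[1:]
            hits += [(n, ip) for n in names if is_ms_host(n) and not is_trusted(ip)]
    return hits

def suspicious_requests(proxy_lines):
    """GETs with a Microsoft Host sent to an untrusted IP (client dest method host path)."""
    hits = []
    for line in proxy_lines:
        parts = line.split()
        if len(parts) >= 5 and parts[2] == "GET":
            client, dest, _, host = parts[:4]
            if is_ms_host(host) and not is_trusted(dest):
                hits.append((client, host, dest))
    return hits
```

The suffix match deliberately rejects look-alikes such as `microsoft.com.example.net`, so only genuine Microsoft names paired with an unexpected address are reported.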