
SANS ISC: Maximus root kit downloads via MySpace social engineering trick. - Internet Security | DShield SANS ISC InfoSec Forums


Maximus root kit downloads via MySpace social engineering trick.

A reader, GreggS, provided a link to a MySpace page with a specific friendid that has JavaScript that pops up a transparent-background GIF on top of the normal user page. The GIF appears to be an Automatic Update dialog for the Microsoft Malicious Software Removal Tool. This is likely to fool a fair number of people.

"Clicking anywhere on the page (on large CSS layer on top) and your
browser initiates a download session from an ftp at
microsofpsupports.cn and you are asked to download and/or run (no!)
the file.
The "Automatic Update" (not "Windows Update") dialog is simply a gif image.
http://img404.imageshared.cn/img/20048/removaltool6gx87.gif"

This appears to be a new version of Maximus.

Virustotal results here:
http://www.virustotal.com/analisis/3a29d07603a0430a74e8aa77bc81e6bb

donald
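
One way to check a saved profile page for the trick described above, as an added example that is not part of the original diary: it flags links to an FTP or executable target that sit inside a positioned layer stacked over the page. The z-index threshold, the extension list, the function names and the `example.test` sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

MIN_Z_INDEX = 100  # assumed threshold for "stacked above the page"
RISKY_TARGET = re.compile(r"^\s*ftp://|\.(exe|scr|pif)(\?|$)", re.I)
VOID = {"img", "br", "hr", "input", "meta", "link"}  # tags with no end tag
# Constructed sample: a normal profile link plus a full-page overlay link.
SAMPLE = """
<div class="profile"><a href="ftp://files.example.test/notes.txt">notes</a></div>
<div style="position:absolute; top:0; left:0; width:100%; height:100%; z-index:9999">
<a href="ftp://downloads.example.test/update.exe"><img src="dialog.gif"></a></div>
"""

def is_overlay(style):
    """True if an inline style describes a positioned layer with a high z-index."""
    props = {}
    for decl in style.lower().split(";"):
        name, _, value = decl.partition(":")
        props[name.strip()] = value.strip()
    if props.get("position") not in ("absolute", "fixed"):
        return False
    try:
        return int(props.get("z-index", "0")) >= MIN_Z_INDEX
    except ValueError:  # e.g. z-index: auto
        return False

class OverlayScanner(HTMLParser):
    """Collects risky link targets reachable by clicking an overlay layer."""
    def __init__(self):
        super().__init__()
        self.stack = []     # one bool per open element: is it an overlay?
        self.findings = []  # hrefs of risky links inside an overlay

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        overlay = is_overlay(a.get("style") or "")
        href = a.get("href") or ""
        if tag == "a" and (overlay or any(self.stack)) and RISKY_TARGET.search(href):
            self.findings.append(href)
        if tag not in VOID:
            self.stack.append(overlay)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:  # heuristic: assumes balanced markup
            self.stack.pop()

def scan(html):
    scanner = OverlayScanner()
    scanner.feed(html)
    return scanner.findings
```

The check only sees inline styles; a layer positioned from a stylesheet or built by script at load time needs the rendered DOM instead.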

