Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, 14 July 2007

Mozilla and Orkut-hating virus!

Posted on 13:10 by Unknown
This time, we have a virus which hates Orkut and Mozilla Firefox! Mozban virus does not allow PC user to Firefox browser and to open Orkut website. This virus makes use of AutoHotKey to do this and also to replicate itself. Mozban spreads through secondary storage devices like USB drives, CDs etc.
Here are the screen shots of message boxes displayed by the virus when Orkut website is opened or Firefox is launched:



Svchost.exe is nothing but renamed AutoHotKey program! Mozban creates a folder named heap41a in the root drive, and files listed below:
2.mp3
drivelist.txt
Icon.ico
offspring
reproduce.txt
script1.txt
std.txt
svchost.exe

And, the folder offspring contains:
MicrosoftPowerPoint.exe
autorun.inf

Files std.txt, script1.txt and reproduce.txt contain AutoHotKey scripts, which are executed by svchost.exe (renamed AutoHotKey).

Here are the screen shots Jotti Malware Scan results of files - svchost.exe and MicrosoftPowerPoint.exe - dropped by the virus:

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Autohotkey, Orkut hating virus | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Rootkit detection, removal and prevention!
    Here's a Wiki definition for Rootkit: A Rootkit is a set of software tools frequently used by a third party (usually an intruder) after...
  • Antivirus 360 featured in top PC magazines and antivirus certification labs!
    No, we are not talking about Norton 360 , which is a genuine security software. This is about Antivirus 360 , one of the latest rogue securi...
  • yelpcurl - C++ Yelp API library
    yelpcurl is an open-source, pure C++ wrapper for Yelp's RESTful APIs . The library currently supports all the APIs provided by Yelp. yel...
  • Windows Filtering Platform (WFP) user mode examples
    So far, in Windows 2000/XP/2003 operating systems the packet filtering APIs ( PfXxx APIs) were used to implement TCP/IP packet filtering a...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ►  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ►  October (4)
    • ►  September (15)
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ▼  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ►  August (8)
    • ▼  July (11)
      • Fake Google Toolbar Installer
      • More variants of Zlob fake codec
      • Click-Codec : One more Zlob fake codec
      • PCPrivacyTool - Yet another rogue software
      • NewMediaCodecInstaller updated again!
      • Host-Codec - One more Zlob fake codec
      • Some new malware - a.exe, gop.exe etc
      • NewMediaCodec and Ultimate Cleaner
      • Mozilla and Orkut-hating virus!
      • NewMediaCodec - Updated!?
      • NewMediaCodec, Privacy Protector and Udefender
    • ►  June (3)
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile