Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 15 August 2007

ecard.exe now becomes msdataaccess.exe

Posted on 11:06 by Unknown
Most of you might have got fake greeting card spam mails, with a link to download ecard. On clicking this link, you will be presented with few trojans and also advised to download and install ecard.exe to view the ecard. But now, the gang behind this malware have changed their trojan dropper's name to msdataaccess.exe from ecard.exe! Similar to the old ecard.exe variant, this new one installs malware such as Tibs rootkit etc.

Here's a screnshot of rooted files related to Tibs rootkit:

And, here's the screenshot of SSDT hook installed by the rootkit:


And lastly, I came across this ecard spam mail (Do NOT visit the link given below!):

"Partner() has created Holiday ecard for you
at bristos.com.

To see your custom Holiday ecard, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box):

http://81.71.5.34/?4ee8af5c23933166b19e3393b5ca09ff74e82d

Send a FREE greeting card from bristos.com whenever you want by visiting us at:
http://bristos.com/
This service is provided and hosted by bristos.com."


And, that link opens up this page:

Yes! We are waiting for the contents to be uploaded by the Admins ;)
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Rootkit detection, removal and prevention!
    Here's a Wiki definition for Rootkit: A Rootkit is a set of software tools frequently used by a third party (usually an intruder) after...
  • Antivirus 360 featured in top PC magazines and antivirus certification labs!
    No, we are not talking about Norton 360 , which is a genuine security software. This is about Antivirus 360 , one of the latest rogue securi...
  • yelpcurl - C++ Yelp API library
    yelpcurl is an open-source, pure C++ wrapper for Yelp's RESTful APIs . The library currently supports all the APIs provided by Yelp. yel...
  • Windows Filtering Platform (WFP) user mode examples
    So far, in Windows 2000/XP/2003 operating systems the packet filtering APIs ( PfXxx APIs) were used to implement TCP/IP packet filtering a...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ►  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ►  October (4)
    • ►  September (15)
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ▼  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ▼  August (8)
      • ecard worm turns to YouTube
      • Vivacodec - Zlob's new fake codec
      • Windows system file patching by ecard rootkit
      • ecard changes its appearance and rootkit, again!
      • Fake MP3 download sites pushing Zlob malware
      • ecard.exe now becomes msdataaccess.exe
      • XP Entertainments - New AV Killer Trojan
      • Navipromo reloaded!
    • ►  July (11)
    • ►  June (3)
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile