
Malware authors messing with SysInternals screensaver

July 14th, 2008

Malware authors seem to be having fun these days. They stole the BSOD screensaver from SysInternals and turned it into malware.

Note the message: “SYSINTERNALS_GREAT_SITE”

The screensaver is injected in two locations: the System32 folder, of course, as well as in the System Restore disk.

 

SysInternals (now owned by Microsoft) has made some really great tools: Process Explorer and RootkitRevealer, just to name a few.

JSegura

    This entry was posted on Monday, July 14th, 2008 at 10:48 am and is filed under Malware Trends.




 
 
 

© 2008 ParetoLogic Inc.