«
»

It’s not Kaspersky…

August 24th, 2009

There’s a nasty site out there, that has nothing to do with Kaspersky and yet uses the brand name to lure users.

x.kaspersky-com.info

The page greets you with no less than 3 iframes:

k

If you check the first iframe, you notice that it uses “jpg” to hide malicious exploit code. A technique well used to bypass security scanners.

k2

That’s how one of the jpg looks like:

k3

Upon successful exploit, a file is downloaded from x.kaspersky-com.info/mm.exe

Looks like another Agent Trojan.

k4

Jerome Segura

Malware ID: 44e0c70cefe5e6db6e7115a061e86dc9.zip

ParetoLogic, a Microsoft Certified Partner

 

RSS feed to this site Twitter Linkedin YouTube Channel

 

RSS feed to this site
Jerome Segura is a Security Analyst working at ParetoLogic.

You can contact him at:
MalwareDiaries Email

 

Pages




Security Software




Malware Top 10




Archives




Categories
 
 
 
Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.

© 2010 ParetoLogic Inc.