DSData - There's A Storm Brewing

My colleague Chris Mannon recently came across a file that contains all sorts of botnet fun and games, along with a fair amount of spam-related action into the bargain... and a final tie-in to a familiar face. Shall we take a look?

Of course.

I always like to get a look at the file sitting all harmless and stuff on the desktop - don't you? I hope so, because here it is:

dsdata1.jpg

...yeah, it's not doing much yet but it does get more interesting. If the end user is duped into running the executable, it vanishes and deposits two files into the System32 directory:

dsdata2.jpg

It should come as no surprise that both files are "in use" by another application and you can't delete them via normal methods.

That's not all - I mentioned Spam, right? Well, while running, it has the ability to manipulate mail in Outlook (spam, spam, spam, spam) and specifically looks for Opera Mail usernames and passwords.

Can you guess what kind of Spam it sends?

dsdata4.jpg

...yep, it's related to our "good friend" The Storm Worm, because "Get Krackin" is the latest scam to come out of the Storm Stable.

We detect this bundle of joy as DSData.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research and Discovery: Chris Mannon, FSL Senior Threat Researcher

About this Entry

This page contains a single entry by Christopher Boyd published on October 18, 2007 9:26 AM.
