...and thats probably an understatement. Many of you are familiar with the BandJammer Trojan that has been making its way around the media. For those who have not been following the story: here you go.
If you are one of the unlucky fans of Jetking who accidentally clicked the hijacked link to the Trojan, then you are probably having one heck of a time trying to get your PC back to normal. The BandJammer Trojan originally links to a couple of Chinese sites in order to download a file called install_cn.exe. It then installs an older version of Smitfraud through command line.
The 1 file runs another file that installs a dated version of Smitfraud.
Users can easily note this version of Smitfraud from the following entires:
MSVPS System - {93205C3F-1221-43F4-847F-007C6A4CE9A5} - C:\WINDOWS\advrepgpd.dll
The sdrmod - {BA79EE59-166F-4E9E-90A6-56489C45B48A} - C:\WINDOWS\sdrmod.dll
The files below are also added as ShellServiceObjectDelayLoad (these files automatically start with other services):
hupsrv - {33AEF198-6E36-4C80-9DB2-7EE99DB25122} - C:\WINDOWS\hupsrv.dll
bindmod - {3C82EBC1-C4BA-44EE-B21E-ACC91F46D2E8} - C:\WINDOWS\bindmod.dll
What is the purpose of this? Well why type when I can just show a screenshot.
This confused looking website shows us all the fabulous new Rogue Antispyware applications we are about to be bombarded with.
Here are just a few of the fake alerts users will see:
Do not bother trying to close any of these. Blatant fake alerts take you to their site tor you to install/buy the application in most cases, or they will just create non-closeable ads and force you to install them.
These kinds of attacks are becoming more and more frequent. Take the article that Paperghost wrote involving Skype worm spammers for example. Rogue antispyware applications are everywhere now and they show no sign of trending down. Your best defense against these attacks is to simply mind your clicks.
Leave a comment