Spyware Research: October 2007 Archives

Bang the Gong


Gong is a Trojan that has the ability to alter Windows Explorer and other Windows programs so that it can run happily without the user ever knowing of its existence. After it's installed by a large Trojan bundler like Dloader.Small.ele or ConCommand, it quickly phones home and gets an infected file named "svchost.exe" whose true purpose is sinister, but not entirely unexpected. This installs a file called "ctfmon.exe" which runs with autorun.inf.
http://blog.spywareguide.com/upload/2007/10/autorun-thumb.PNG
This .inf alters Windows to run the infected file whenever the user tries to open or explore.

http://blog.spywareguide.com/upload/2007/10/ustrightclick-thumb.PNG
Clicking either of these will run ctfmon.exe.
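
The Open and Explore hijack described above works through launch keys in the `[autorun]` section of autorun.inf. The following Python is an added example, not code from the original post: it lists those keys so a drive's autorun.inf can be audited. The sample file content is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, not taken from the infected machine in the post:
# an autorun.inf that rebinds the drive's Open and Explore verbs.
SAMPLE_AUTORUN = r"""
[AutoRun]
open=ctfmon.exe
shell\open\Command=ctfmon.exe
shell\explore\Command=ctfmon.exe
; comment line
label=Local Disk
"""

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def launch_entries(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            entries.append((key, value))
    return entries


def hijacked_verbs(text):
    """Map each context-menu verb (open, explore, ...) to the command it runs."""
    verbs = {}
    for key, command in launch_entries(text):
        parts = key.split("\\")
        if len(parts) == 3:  # shell\<verb>\command
            verbs[parts[1]] = command
    return verbs


if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE_AUTORUN):
        print(f"{key} -> {command}")
```

Any executable named by these keys in the root of a fixed or removable drive deserves a closer look before the drive is opened from Explorer.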

When Ctfmon.exe is run, it creates several hidden windows with a single-minded purpose: clicks. Clicks mean revenue, and revenue means there are bound to be bad actors.

While those hidden windows are running they are frantically clicking as many hyperlinks as fast as they can in order to drive, or appear to drive, visitors to their site.


How can you detect these hidden windows? Good question, and it might depend on your build of computer. In our X-cleaner product there is a handy feature that allows you to see any and all windows open at the time. No magic, just technical vision!

http://blog.spywareguide.com/upload/2007/10/xclean-thumb.PNG
From here you can see what is causing the attack and even kill the process.

More and more rogues and cyber bandits are using these kinds of below-the-belt tactics to inflate numbers to their websites in order to pump up revenue. You may not know who they are, but you can know what they are using. Click and inspect so you are aware of what programs are soaking up your processing power, and you can return your system to its rightful owner: you. With a click and kill.

About this Archive

This page is an archive of entries in the Spyware Research category from October 2007.