Sophos

Download Windows 7 security - A great leap forward or business as usual?

Joke's on you

Malware often uses distraction techniques, such as audio or video clips, both to appear harmless and to draw the unsuspecting user's attention away from what might really be happening.

Today's sample, yet another password stealer, Troj/PWS-ATP, is no different. Arriving as a scriptable WinRAR self-extracting archive (SFX), the Trojan drops two components into the temporary folder and launches them. One of the two is the real malware; the other is the "distraction". The malware installs a DLL at %WINDOWS%\Debug\winhlp.dll and sets it to auto-load by registering it as a ShellExecute hook. Once installed, only this DLL needs to be present; all the other components are discardable and serve only as delivery vehicles.
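As an added defensive check (not part of the Sophos post), the PowerShell below lists every registered ShellExecute hook, resolves each CLSID to its COM server DLL, and flags any DLL that loads from outside the usual system directories or lacks a valid Authenticode signature; the set of trusted roots is an assumption made for this check, so a hook living in %WINDIR%\Debug, as in this sample, would be flagged.

```powershell
# Added example, not from the Sophos post: audit ShellExecute hooks.
# Read-only; run from an elevated prompt so both hives are readable.

$hookKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)

# Assumption: a legitimate hook DLL normally lives under one of these roots.
$trustedRoots = @("$env:WINDIR\System32", "$env:WINDIR\SysWOW64",
                  $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Resolve-ComServer([string]$clsid) {
    # The hook's value name is a CLSID; its InprocServer32 default value is the DLL path.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $root "$clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-Item -LiteralPath $key).GetValue('')   # GetValue expands %WINDIR% etc.
            if ($raw) { return ([string]$raw).Trim('"') }
        }
    }
    return $null
}

foreach ($hookKey in $hookKeys) {
    if (-not (Test-Path -LiteralPath $hookKey)) { continue }
    $names = (Get-Item -LiteralPath $hookKey).GetValueNames() | Where-Object { $_ }
    foreach ($clsid in $names) {
        $dll = Resolve-ComServer $clsid
        $inTrustedRoot = $false
        if ($dll) {
            foreach ($root in $trustedRoots) {
                if ($dll.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inTrustedRoot = $true; break }
            }
        }
        # An unresolvable or missing DLL is reported too: it may have been removed after loading.
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Hook       = $hookKey
            CLSID      = $clsid
            ServerDll  = $dll
            Signature  = $sig
            Suspicious = (-not $inTrustedRoot) -or ($sig -ne 'Valid')
        }
    }
}
```

Entries marked Suspicious deserve a look at the DLL itself; on a clean system the key is usually empty or holds only entries whose server DLL is a signed file under System32.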

[Image: pants down]

On the whole this is nothing new, except perhaps for the (possibly deliberate) attempt by the author to let the victim know they’ve been caught with their pants down :P

