SophosLabs blog

Animals already suffer from cruel treatment due to illegal trading and hunting. Now, they have to suffer because of malware as well. Recently, I chanced upon another typical obfuscated VBscript:

After de-obfuscating the encrypted layers of code, the Trojan unravels to a simple script with downloading functionality. The script also includes junk instructions to make analysis ‘harder’ e.g. if 1=2 then Wscript.echo “Impossible!”

Why do they even bother ?!

The link in the script brings us to a password stealing Trojan that drops this picture.

The malware authors have succumbed to such a low point in their miserable lives that they had to resort to such pictures to fool people. Sophos detects the obfuscated VBscript as Troj/Dloadr-CCE and the password stealing Trojan as Troj/PWS-AQG.

Posted on December 11th, 2008 by Lennard Cher
Filed under: Malware

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Malware, but only for a second in a day
• New spin on OSX/RSPlug Mac malware
• Swine Flu - Malware Fever
• I Want A Free Key Generator And A Free Bot On My Computer
• Conficker Infection Alert!!