SophosLabs blog

The beginning:

“Once upon a time, a week ago,”
“There began a tale of woe.”
“A multi-component Trojan, clever as can be,”
“Winlogon was its target, as we shall see.”

The Trojan:

“Winlogon, Winlogon, where art thou?”
“I want you to run my DLL now.”
“You may run, you may hide,”
“Once infected, my command you shall abide.”

The infected user:

“Winlogon is connecting to Estonia, I see,”
“Infected Winlogon? Could it be?”
“Oh, to have a computer free of pain,”
“If only I could login with confidence again.”

SophosLabs:

“An infected Winlogon you say?”
“Don’t worry, we can make the problem go away.”
“Let’s write disinfection quick, quick quick,”
“Then SAV6 and a reboot will do the trick.”

The end:

“And so ended a tale of woe,”
“Troj/WLHack-A and Troj/WLHack-C no more.”
“No doubt further variants we shall find,”
“Not yet can we have peace of mind.”

Posted on May 11th, 2007 by SKM, SophosLabs UK
Filed under: General

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Patching system files: the fancy alternative to autorun keys
• Give Them an Inch and They’ll Try to Rule!
• Patching system files: Part II
• Self cleaning malware back in vogue?
• Not Another Anjelina Jolie Malware Campaign