Accessing certain URL will infect user's PC.
General users who use MSN frequently need to be careful on clicking URL.
2. Spreading path and symptoms of infection
This malicious file can infect on clicking URL.
Downloaded DSC002502011.JPG.src is masqueraded as a image file.
Furthermore, upon executed this malicious file, it will download additional malicious file.
Downloaded malicious kbn.exe will be saved as a winrsvn.exe on following path and will register in registry for running on boot.
[Generated File]
User account\Microsoft-Driver-[Random numbers]\winrsvn.exe
[Registry Information]
HKEY_CURRENT_USER\Sofrware\Microsoft\Windows\CurrentVersion\Run
"Microsoft(R) Service Update="%User account&Microsoft-Driver-[Random numbers]\winrsvn.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List
"%User account%\Microsoft-Driver-[Random numbers]\winrsvn.exe"
User account\Microsoft-Driver-[Random numbers]\winrsvn.exe
[Registry Information]
HKEY_CURRENT_USER\Sofrware\Microsoft\Windows\CurrentVersion\Run
"Microsoft(R) Service Update="%User account&Microsoft-Driver-[Random numbers]\winrsvn.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List
"%User account%\Microsoft-Driver-[Random numbers]\winrsvn.exe"
This malicious file will deliver following message and malicious file link to certain user.
[Message]
hab ich dir das foto schon gezeigt?
wie findest du das foto?
das foto solltest du wirklich sehen
so will ich nicht aussehen wenn ich alt bin
kennst du die person aufm foto?
kennst du das foto schon?
schau mal das foto an
unglaublich welche fotos leute von sich machen schau mal
die sieht aus wie angela merkel
tell me what you think of this picture i edited
i cant believe i still have this picture of you from last winter
should i make this my default picture?
this is the funniest photo ever!
tell me what you think of this photo
i don't think i will ever sleep again after seeing this photo
my parents are going to kill me if they find this picture
hab ich dir das foto schon gezeigt?
wie findest du das foto?
das foto solltest du wirklich sehen
so will ich nicht aussehen wenn ich alt bin
kennst du die person aufm foto?
kennst du das foto schon?
schau mal das foto an
unglaublich welche fotos leute von sich machen schau mal
die sieht aus wie angela merkel
tell me what you think of this picture i edited
i cant believe i still have this picture of you from last winter
should i make this my default picture?
this is the funniest photo ever!
tell me what you think of this photo
i don't think i will ever sleep again after seeing this photo
my parents are going to kill me if they find this picture
3. How to prevent
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
Security management tips
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.
* Diagnosis name
- Trojan-Downloader/W32.Agent.18944.FE
- Trojan-Downloader/W32.Agent.38912.CM
شركة صيانة وتشغيل ونظافة
ReplyDeleteكهربائي سيارات ممتاز بالدمام
كهربائي مكيفات سيارات في الرياض
كهربائي سيارات ممتاز في مكة
معلم محاره بالرياض
اسعار شركات نقل العفش بالدمام
شركة نقل اثاث بالقطيف
شركات نقل الاثاث من الدمام الى الرياض
شركة نقل اثاث بالدمام رخيص
شركة نقل اثاث بالجبيل
جهاز كشف تسرب الماء الدمام
جهاز كشف تسرب المياه في الاحساء
افضل معلم دهانات بالرياض
مقاول دهانات بالرياض
شركة نقل اثاث برابغ
شركة سباكة بالخبر