Malware via Adbrite

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Malware via Adbrite

    An interstitial ad running on my site for IOSCO (oicu-IOSCO.com) seems to be causing the web browser to ask to download a file from lawcons.info called c.wmf that contains malware. I fear this is trying to use the previously known Windows WMF vulnerabilities. I've contacted Adbrite to get the ad campaign paused. Just wanted to let you know that this malware is not from my site. My guess is someone defaced the "International Organization of Securities Commissions" website and inserted the malware.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Just wanted to let you know that this malware is not from my site. My guess is someone defaced the "International Organization of Securities Commissions" website and inserted the malware.
    A likely excuse
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Yep, that's a nasty critter: shows up as WMF exploit trojan downloader from most of the AV vendors on VirusTotal.com.

    I downloaded and ran it on a test PC and it didn't do anything other than bring up an empty picture in Picture Viewer. Packet sniffing shows no traffic. Hrm...what the heck is it supposed to do?!?

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    When it's active, it's supposed to serve up advertisements that will lead you to more sinister malware sites. It will DL content then pitch it at you right between the eyes. If you follow some of them, you'll find yourself part of a botnet faster than you can say, ho, ho, ho!

    I've played with several variants of this nasty, all did about the same thing. The difference between them was the download locations for the dropper.

    By the sound of it, someone nuked the DL servers where the content was being served. Also, many times these things are abandoned by criminals once they are deemed ineffective and you may be seeing the remnants.

    --TH13

    Note to self. Iron Geek == Malware King.

    Last edited by thehorse13; December 21st, 2006 at 12:17 PM.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
