Another approach to trick users into downloading malware!
Look out for email messages that urge users to download the latest version of Internet Explorer 7.0.
The email message may look like this:
As shown in the image above, the email appears to be sent from [email protected] in order to make it look legitimate. The download link "Download the latest version Internet Explorer 7.0" points to a URL that may look like this:
http://89.187.49.18/IE-7.0.exe
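As an added illustration (not part of the original post), the Python code below shows the kind of heuristics a mail gateway or an analyst can apply to a download link like the one above: a bare IP address instead of a vendor domain, a link that goes straight to an executable, and a filename that impersonates an Internet Explorer installer from a host that is not Microsoft's. The sample links are constructed; the first reproduces the pattern quoted in the post, the others are placeholders.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample links. The first reproduces the pattern quoted in the post
# (a bare IP host serving an executable named after a real product); the rest
# are placeholders that should not, or only partly, trip the heuristics.
SAMPLE_LINKS = [
    "http://89.187.49.18/IE-7.0.exe",
    "https://www.microsoft.com/en-us/download/internet-explorer.aspx",
    "http://203.0.113.7/update/",
    "http://example.net/setup.exe",
]

# Extensions Windows runs directly when the user double-clicks the download.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi")

# Filenames that pretend to be an Internet Explorer installer, e.g. IE-7.0.exe.
IE_LURE_RE = re.compile(r"(internet[-_ ]?explorer|\bie)[-_]?\d")


def host_is_raw_ip(host):
    """True when the host part of the URL is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_download_link(url):
    """Return the list of reasons a link looks like a malware download lure.

    An empty list only means none of these heuristics fired; it is not
    evidence that the link is safe.
    """
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()

    if host_is_raw_ip(host):
        reasons.append("host is a bare IP address instead of a vendor domain")
    if path.endswith(EXECUTABLE_EXTENSIONS):
        reasons.append("link points directly at an executable file")
    if IE_LURE_RE.search(path) and not host.endswith("microsoft.com"):
        reasons.append("filename impersonates an Internet Explorer installer on a non-Microsoft host")
    return reasons


def triage_links(urls):
    """Map each URL to its reasons, keeping only links that raised at least one."""
    return {u: r for u in urls if (r := assess_download_link(u))}


if __name__ == "__main__":
    for url, reasons in triage_links(SAMPLE_LINKS).items():
        print(url)
        for reason in reasons:
            print("  -", reason)
```

The link from the post trips all three checks, while the genuine vendor download page trips none. The heuristics are deliberately simple; in practice they would feed a score alongside reputation data rather than block on their own.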
Downloading this malware file onto the system results in, for example, additional malware being downloaded onto the infected system, in this case the rogue application Antivirus XP 2008. This rogue creates files in System32 and a folder in Program Files with random names, making it hard to remove, and the files are also continuously modified in order to avoid detection. The following image shows some of the possible payload that may be generated by the initial infection:
The registry is also modified in order to make the installed malware run at system startup. Antivirus XP 2008 and other rogue applications generate exaggerated threat reports on the compromised computer, trying to make the user believe that the system is heavily infected, and then ask the user to purchase a registered version of the rogue application to remove the reported threats, as the removal function is deactivated in the unregistered version of the rogue:
The user desktop wallpaper may also be changed with the help of a few registry modifications:
[HKEY_CURRENT_USER\Control Panel\Desktop]
OriginalWallpaper="C:\WINDOWS\system32\phc7t8j0ep5c.bmp"
[HKEY_CURRENT_USER\Control Panel\Desktop]
Wallpaper="C:\WINDOWS\system32\phc7t8j0ep5c.bmp"
Giving the user desktop a new look, for example:
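The following Python script is an added example, not part of the original post or of Ad-Aware, showing how an analyst could check a registry export for the two modifications described above: the wallpaper hijack in the Desktop key and a randomly named autorun entry in System32 or Program Files. The registry export is constructed; the two Desktop values copy the ones quoted in the post, while the Run key entries are invented for illustration (the Run key path itself is the standard per-user autorun location). The "random name" test is a simple heuristic chosen for this example.

```python
import re

# Constructed registry export in .reg syntax. The two Desktop values reproduce
# the ones quoted in the post; the Run key entries are invented for illustration
# (the key path itself is the standard per-user autorun location).
SAMPLE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"OriginalWallpaper"="C:\\WINDOWS\\system32\\phc7t8j0ep5c.bmp"
"Wallpaper"="C:\\WINDOWS\\system32\\phc7t8j0ep5c.bmp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"rhc3k9f1lj7m"="C:\\Program Files\\rhc3k9f1lj7m\\rhc3k9f1lj7m.exe"
"""

# Autorun keys, matched by suffix so that either the HKCU or HKLM hive works.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
# name="string" lines; the name may be quoted (regedit) or bare (as in the post).
VALUE_RE = re.compile(r'^"?([^"=]+)"?="(.*)"$')


def parse_reg_export(text):
    """Parse [key] sections and REG_SZ values into {key: {name: value}}.

    Doubled backslashes (regedit's escaping) are collapsed so that the
    single-backslash form used in the post parses to the same path.
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if current is not None and match:
            name, value = match.group(1), match.group(2).replace("\\\\", "\\")
            entries[current][name] = value
    return entries


def file_stem(path):
    """Last path component without its extension, e.g. 'phc7t8j0ep5c'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic for the random names the post describes: a stem of 8+ chars
    mixing several letters and several digits, like phc7t8j0ep5c."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return len(stem) >= 8 and digits >= 3 and letters >= 3


def triage_registry(entries):
    """Return findings for wallpaper hijacks and randomly named autorun entries."""
    findings = []
    for key, values in entries.items():
        lkey = key.lower()
        if lkey.endswith(r"control panel\desktop"):
            # Wallpaper pointing at a random .bmp dropped in System32
            for name in ("Wallpaper", "OriginalWallpaper"):
                value = values.get(name, "")
                if "\\system32\\" in value.lower() and looks_random(file_stem(value)):
                    findings.append("wallpaper hijack: %s = %s" % (name, value))
        elif lkey.endswith(RUN_KEY_SUFFIXES):
            # Startup entry whose target lives in System32 or Program Files
            # under a random name; legitimate entries like ctfmon.exe pass.
            for name, value in values.items():
                lvalue = value.lower()
                in_system_dirs = "\\system32\\" in lvalue or "\\program files\\" in lvalue
                if in_system_dirs and looks_random(file_stem(value)):
                    findings.append("suspicious autorun: %s = %s" % (name, value))
    return findings


if __name__ == "__main__":
    for finding in triage_registry(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(finding)
```

Run against the sample export, the script reports both wallpaper values and the invented autorun entry, and leaves the legitimate ctfmon.exe entry alone. A real export from regedit can be fed in the same way; the paths flagged are then the files to submit as samples and to remove once the autorun entry is gone.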
This is why we wish to make users out there aware of the risks of falling for these kinds of download traps. We of course continuously strive to update the Ad-Aware definitions in order to help users detect and remove pests like this, but as the malware applications also get updated continuously, some users might find themselves in a situation where they have to remove a new variant of a certain pest manually. We are always very thankful to receive reports and new malware samples from our users via [email protected], and are glad to answer additional questions regarding malware and malware removal there as well. The best thing is of course to avoid downloading the malware in the first place, and that is when this kind of threat awareness might come in handy.
Regards,
LS Pekka
Lavasoft Research