- Mar 15, 2011
Security researchers warn that a malicious component distributed by an IM worm cripples antivirus systems and blocks access to many security-related websites.
The attack begins with malicious links spammed on Windows Live Messenger leading users to rogue pages distributing the trojan dropper.
According to BitDefender's Bogdan Botezatu, "the payload is presented as multiple sections of Base-16 Unicode data.
"Conversion to ANSI reveals a set of buffers split by a separator. Ignoring the separators and dumping the data reveals an encrypted file packed with UPX."
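For analysts triaging a captured sample, the decoding steps in the quote above can be sketched as follows. This is an added example, not BitDefender's code: the `|` separator, the function names and the sample buffer are assumptions constructed for illustration, since the page does not name the real separator.

```python
import math
import re
from collections import Counter

SEPARATOR = "|"  # assumption: the page does not name the real separator

def decode_sections(blob: bytes, separator: str = SEPARATOR) -> bytes:
    """Base-16 UTF-16LE text -> ANSI -> drop separators -> raw bytes."""
    if blob.startswith(b"\xff\xfe"):  # strip a UTF-16LE byte-order mark if present
        blob = blob[2:]
    # Round-trip through ASCII so any non-ANSI character raises instead of passing.
    ansi = blob.decode("utf-16-le").encode("ascii").decode("ascii")
    hex_text = "".join(part.strip() for part in ansi.split(separator))
    if len(hex_text) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", hex_text):
        raise ValueError("payload is not clean Base-16 after removing separators")
    return bytes.fromhex(hex_text)

def triage(data: bytes) -> dict:
    """Summarise the recovered buffer for an analyst."""
    counts = Counter(data)
    entropy = -sum(c / len(data) * math.log2(c / len(data))
                   for c in counts.values()) if data else 0.0
    return {
        "size": len(data),
        "mz_header": data.startswith(b"MZ"),
        # UPX leaves these section names / magic in an unencrypted packed PE.
        "upx_markers": sorted(m.decode() for m in (b"UPX0", b"UPX1", b"UPX!")
                              if m in data),
        # No markers plus entropy near 8 suggests the buffer is still encrypted.
        "entropy_bits_per_byte": round(entropy, 2),
    }

# Constructed sample (not from the malware): a fake PE-like stub, hex-encoded,
# cut into three sections and stored as UTF-16LE text.
STUB = (b"MZ" + bytes(58) + b"UPX0" + bytes(36) + b"UPX1" + bytes(36)
        + b"UPX!" + bytes(range(16)))
HEX_TEXT = STUB.hex().upper()
SAMPLE = SEPARATOR.join(
    [HEX_TEXT[:100], HEX_TEXT[100:200], HEX_TEXT[200:]]
).encode("utf-16-le")

if __name__ == "__main__":
    print(triage(decode_sections(SAMPLE)))
```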
The trojan attempts to cripple antivirus programs, but not in the traditional way, by using a rootkit. Instead, it closes some of the processes, which makes the user's interaction with the security programs impossible.