Auto download adware carries vicious payload
Posted on 03/03/2005 1:39:36 PM PST by holymoly
Security experts issued a warning this morning after detecting infections caused by Searchmeup, the first adware to use the Exploit/LoadImage vulnerability which downloads itself onto computers without the user's permission.
Panda Software's PandaLabs warned that the pages from which Searchmeup is downloaded also contain a series of exploits to download other malware onto the computer, such as the Tofger.AT Trojan, which steals banking passwords, Dialer.BB and Dialer.NO, and adware called Adware/TopConvert.
Searchmeup is downloaded onto the computer when the user visits maliciously coded web pages. Once installed it changes the home page to that of a search engine that displays pop-ups every time it loads with the aim of installing spyware and diallers on infected computers.
Searchmeup affects computers running Windows 2003, XP, 2000, NT, Me and 98, and allows arbitrary code to be run.
It could be exploited by an attacker hosting a specially crafted cursor or icon on a malicious web page or HTML email. Microsoft has released a patch to correct this problem, and users are advised to install it immediately.
The web pages from which Searchmeup is downloaded also drop Tofger.AT onto computers, a Trojan which runs every time Internet Explorer is opened.
Tofger.AT keeps track of the user's internet activity, logging passwords for secure 'https' connections which are often used for connections with online banks. Once it has collected this information, Tofger.AT sends it to a remote server.
Searchmeup can also generate an error in the 'services.exe' file, informing users that the computer will be restarted in one minute.
After the restart, the computer operates perfectly. On some occasions Searchmeup can also display blue screen errors, and Tofger.AT can actually update itself to a new version.
"The Exploit/LoadImage vulnerability can be used on web pages or HTML email by crafting a special icon or image file that causes a buffer overflow that in turn can be used to take control of the user's computer," said Patrick Hinojosa, chief technology officer at Panda Software US.
"This can be very serious as the user does not have to do anything unusual like opening a suspicious attachment. This is what is sometimes referred to as a 'drive by' attack."
Luis Corrons, director of PandaLabs, added: "The appearance of Searchmeup is a sign of the continuous evolution of malware, and of spyware and adware in particular.
"The first stage was that adware reached computers as a component of a freeware application, then web pages appeared that installed adware on users' computers using ActiveX.
"Now they have gone a step further, as Searchmeup exploits a vulnerability that even virus creators had not used until now."
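The article describes the vector only at a high level: a crafted icon or cursor file whose headers trigger a buffer overflow in Windows' LoadImage handling. As an added illustration, not code from the article, Panda Software or Microsoft, here is a defender-side structural sanity check for .ico/.cur files: it parses the ICONDIR header and each directory entry and flags declared image ranges that do not fit inside the file. This is a generic consistency check of the sort a gateway or mail filter can run before handing a file to an image loader; it is not the specific condition Microsoft's patch corrects, which the article does not describe. The sample files are constructed inline and are not real malware.

```python
import struct
from typing import List, Optional

# ICO/CUR container layout (public, well-documented format):
#   ICONDIR      : reserved(u16)=0, type(u16) 1=icon 2=cursor, count(u16)
#   ICONDIRENTRY : width(u8) height(u8) colors(u8) reserved(u8)
#                  planes|hotspot_x(u16) bitcount|hotspot_y(u16)
#                  bytes_in_res(u32) image_offset(u32)
ICO_TYPE, CUR_TYPE = 1, 2
HEADER_LEN, ENTRY_LEN = 6, 16


def check_icon_file(data: bytes) -> List[str]:
    """Structural sanity check for an .ico/.cur file.

    Returns a list of findings; an empty list means every directory entry's
    declared image range lies inside the file. Files that fail here should be
    treated as malformed and not passed on to an image loader.
    """
    findings: List[str] = []
    if len(data) < HEADER_LEN:
        return ["file shorter than the 6-byte ICONDIR header"]

    reserved, ftype, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0:
        findings.append(f"reserved field is {reserved}, expected 0")
    if ftype not in (ICO_TYPE, CUR_TYPE):
        findings.append(f"unknown resource type {ftype}")
    if count == 0:
        findings.append("directory declares zero images")

    dir_end = HEADER_LEN + count * ENTRY_LEN
    if dir_end > len(data):
        findings.append(
            f"directory of {count} entries ({dir_end} bytes) exceeds file length {len(data)}"
        )
        return findings  # the entries cannot be read safely

    for i in range(count):
        off = HEADER_LEN + i * ENTRY_LEN
        (_w, _h, _colors, _res, _f1, _f2, size, img_off) = struct.unpack_from(
            "<BBBBHHII", data, off
        )
        if img_off < dir_end:
            findings.append(f"entry {i}: image offset {img_off} overlaps the directory")
        if size == 0:
            findings.append(f"entry {i}: declared image size is zero")
        # Python integers do not wrap, so this bounds comparison is exact.
        if img_off + size > len(data):
            findings.append(
                f"entry {i}: declared image range [{img_off}, {img_off + size}) "
                f"exceeds file length {len(data)}"
            )
    return findings


def build_cursor(image: bytes, declared_size: Optional[int] = None) -> bytes:
    """Construct a minimal single-entry .cur file around `image` (test data only).

    `declared_size` overrides the bytes_in_res field so a test can produce a
    directory entry that disagrees with the actual payload length.
    """
    size = len(image) if declared_size is None else declared_size
    header = struct.pack("<HHH", 0, CUR_TYPE, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 0, 0, size, HEADER_LEN + ENTRY_LEN)
    return header + entry + image


# Constructed samples (not real malware): a consistent cursor and one whose
# directory entry claims far more image data than the file actually holds.
GOOD_CUR = build_cursor(b"\x00" * 40)
BAD_CUR = build_cursor(b"\x00" * 40, declared_size=0xFFFFFFFF)

if __name__ == "__main__":
    for name, blob in (("good.cur", GOOD_CUR), ("bad.cur", BAD_CUR)):
        result = check_icon_file(blob)
        print(name, "OK" if not result else "; ".join(result))
```

The check deliberately stays at the container level and reports every inconsistency rather than stopping at the first, so a triage script can log the full list of findings per file; it says nothing about whether the embedded bitmap itself is well-formed, which would need a separate BITMAPINFOHEADER check.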
Freeware is ruined.
I just love Firefox!
Anyone caught intentionally pushing malware on PCs should be shot, I mean it. This has ramifications for the economy.
Important to stay up to date on everything... browsers, antivirus... and now this spyware adware stuff. I am using MS AntiSpyware Beta, even though I've never had any spyware or adware to speak of.
Wrong! They should be tortured first, then hanged, then drawn and quartered...then shot.
Ping for later
Bless your smug heart... the buggers will hassle you soon enough. ;~D
I don't know. The problem is if they can do it, Red China can do it. I want the systems secure. Nobody should be able to do it.
Way to be posting stuff from January 11th.
This has been patched since then and if you've simply had the autoupdate on, it hasn't affected you since then. It's what, March 3rd today?
PS. Firefox dl'd four trojans on me last week. IE was bulletproof on the same sites. FYI
Which reminds me...
PC security-related links. All software is freeware/open source.
Last Update: 02/18/2005
On-demand virus checker
AntiVir® Personal Edition
The MS-DOS version is free
On-demand scanner. Detects & cleans a small number of virii/trojans (around 50).
On-demand AntiVirus Utility
Alternatives to MSIE, Outlook & Outlook Express:
Mozilla Suite (browser, email & usenet client), Firefox browser, Thunderbird E-mail client
Off By One
The world's smallest and fastest web browser
Spybot - Search and Destroy
Offers on-demand scanning and full-time protection
Tiny Personal Firewall 2
(Last freeware version)
ZoneAlarm Free Download
CastleCops Security Forums
Cyber Tech Help Support Forum
How To Ask Questions The Smart Way
This guide will teach you how to ask questions in a way that is likely to get you a satisfactory answer.
How-to and Tutorial:
PCWorld: How to Install a Firewall
Using Ad-Aware SE
Using Spybot - Search and Destroy
Useful sites, articles, etc.:
Firewall Test, Security Test and Security Scan
Test your firewall against internal extrusions (leaks)
Spyware/Adware/Malware FAQ and Removal Guide
Waging the war against spyware
U.S. Computer Emergency Readiness Team
Mozilla Plugin Support on Microsoft Windows
Netscape Browser Archive
Because newer is not always better
Internet diagnostic tool
Combats adware, spyware, trojans, etc.
"Anyone caught intentionally pushing malware on PCs should be shot, I mean it."
I agree. Virus writers/Adware developers/Spyware authors are the absolute scum of the earth, and should be tied up and beaten with Louisville sluggers until only a bloody stump remains where their heads once existed.
In addition to Spybot S&D and AdAware, I use HiJack This! It is a program that takes care of browser hijacking by malware after it happens.
I don't see TDS3 or a2 personal in there, maybe add them?
I agree, and their body parts should be sold.
I have had many hours stolen from me the last 7 days fighting what sounds like the same thing.
I have beaten the stuff back, but my computer is going to have to have the hard drive replaced because of this garbage and I make my living from my computer.
If you have XP Service Pack 2, you don't need the fix.
Don't forget to do the same to the spammers and virus writers.
He he he he...