Posted on 03/03/2005 1:39:36 PM PST by holymoly
Security experts issued a warning this morning after detecting infections caused by Searchmeup, the first adware to exploit the LoadImage vulnerability (Exploit/LoadImage), which lets it download itself onto computers without the user's permission.
Panda Software's PandaLabs warned that the pages from which Searchmeup is downloaded also contain a series of exploits that download other malware onto the computer, such as the Tofger.AT Trojan, which steals banking passwords, the diallers Dialer.BB and Dialer.NO, and adware called Adware/TopConvert.
Searchmeup is downloaded onto the computer when the user visits maliciously coded web pages. Once installed it changes the home page to that of a search engine that displays pop-ups every time it loads with the aim of installing spyware and diallers on infected computers.
The LoadImage vulnerability affects computers running Windows 2003, XP, 2000, NT, Me and 98, and allows arbitrary code to be run.
It could be exploited by an attacker hosting a specially crafted cursor or icon on a malicious web page or HTML email. Microsoft has released a patch to correct this problem, and users are advised to install it immediately.
The web pages from which Searchmeup is downloaded also drop Tofger.AT onto computers, a Trojan which runs every time Internet Explorer is opened.
Tofger.AT keeps track of the user's internet activity, logging passwords for secure 'https' connections which are often used for connections with online banks. Once it has collected this information, Tofger.AT sends it to a remote server.
Searchmeup can also trigger an error in 'services.exe', with a message informing users that the computer will be restarted in one minute.
After the restart, the computer operates normally. On some occasions Searchmeup can also cause blue-screen errors, and Tofger.AT can update itself to a new version.
"The Exploit/LoadImage vulnerability can be used on web pages or HTML email by crafting a special icon or image file that causes a buffer overflow that in turn can be used to take control of the user's computer," said Patrick Hinojosa, chief technology officer at Panda Software US.
"This can be very serious as the user does not have to do anything unusual like opening a suspicious attachment. This is what is sometimes referred to as a 'drive by' attack."
Luis Corrons, director of PandaLabs, added: "The appearance of Searchmeup is a sign of the continuous evolution of malware, and of spyware and adware in particular.
"The first stage was that adware reached computers as a component of a freeware application, then web pages appeared that installed adware on users' computers using ActiveX.
"Now they have gone a step further, as Searchmeup exploits a vulnerability that even virus creators had not used until now."
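The article describes the crafted cursor or icon only in general terms: a size field in the file is trusted, the arithmetic on it goes wrong, and the loader ends up writing past a buffer. The following is an added example, not code from the article, Panda Software or Microsoft, showing that class of bug against the real on-disk .ico/.cur directory layout. The exact field and arithmetic of the actual LoadImage bug are not given on this page, so the fixed overhead `HEADER_SLACK`, the function names and the three sample files are assumptions constructed for the demonstration: `naive_alloc_size` adds an attacker-controlled `dwBytesInRes` to the overhead in 32-bit arithmetic and wraps to a tiny allocation, while `checked_alloc_size` rejects sizes that would wrap and image data that does not lie inside the file.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* On-disk .ico/.cur directory layout (little-endian):
   ICONDIR      = idReserved(2) idType(2: 1=icon, 2=cursor) idCount(2)
   ICONDIRENTRY = bWidth bHeight bColorCount bReserved wPlanes/xHotspot(2)
                  wBitCount/yHotspot(2) dwBytesInRes(4) dwImageOffset(4) */
#define ICONDIR_SIZE      6u
#define ICONDIRENTRY_SIZE 16u

/* Hypothetical fixed overhead a loader prepends to the image bytes (an assumption
   for this example, not the real LoadImage constant; any positive slack wraps). */
#define HEADER_SLACK 40u

enum { IMG_OK = 0, IMG_ERR_SHORT, IMG_ERR_TYPE, IMG_ERR_BOUNDS, IMG_ERR_OVERFLOW };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Locate directory entry `idx`; shared so that neither variant reads past `f`. */
static const uint8_t *dir_entry(const uint8_t *f, size_t len, unsigned idx) {
    if (len < ICONDIR_SIZE) return NULL;
    uint16_t count = rd16(f + 4);
    if (idx >= count) return NULL;
    size_t dir_end = ICONDIR_SIZE + (size_t)count * ICONDIRENTRY_SIZE;
    if (dir_end > len) return NULL;
    return f + ICONDIR_SIZE + (size_t)idx * ICONDIRENTRY_SIZE;
}

/* Vulnerable pattern: attacker-controlled dwBytesInRes plus the slack, computed in
   32-bit arithmetic with no range check. 0xFFFFFFF0 + 40 wraps to 24, so a loader
   would allocate 24 bytes and then copy ~4 GB of "image data" into them. */
int naive_alloc_size(const uint8_t *f, size_t len, unsigned idx, uint32_t *out) {
    const uint8_t *e = dir_entry(f, len, idx);
    if (!e) return IMG_ERR_BOUNDS;
    *out = rd32(e + 8) + HEADER_SLACK;   /* wraps silently */
    return IMG_OK;
}

/* Hardened form: validate the header, reject sizes that would wrap, and require
   the image bytes to lie inside the file after the directory. */
int checked_alloc_size(const uint8_t *f, size_t len, unsigned idx, uint32_t *out) {
    if (len < ICONDIR_SIZE) return IMG_ERR_SHORT;
    if (rd16(f) != 0) return IMG_ERR_TYPE;
    uint16_t type = rd16(f + 2);
    if (type != 1 && type != 2) return IMG_ERR_TYPE;
    const uint8_t *e = dir_entry(f, len, idx);
    if (!e) return IMG_ERR_BOUNDS;
    uint32_t bytes_in_res = rd32(e + 8);
    uint32_t offset       = rd32(e + 12);
    if (bytes_in_res > UINT32_MAX - HEADER_SLACK) return IMG_ERR_OVERFLOW;
    size_t dir_end = ICONDIR_SIZE + (size_t)rd16(f + 4) * ICONDIRENTRY_SIZE;
    if (offset < dir_end || offset > len || bytes_in_res > len - offset) return IMG_ERR_BOUNDS;
    *out = bytes_in_res + HEADER_SLACK;  /* cannot wrap: checked above */
    return IMG_OK;
}

/* Constructed samples (not real malware): one-entry cursor files, 22 header bytes
   followed by 8 placeholder image bytes. */
static const uint8_t good_cur[30] = {
    0,0, 2,0, 1,0,                  /* ICONDIR: reserved=0, type=cursor, count=1 */
    16,16, 0,0, 1,0, 1,0,           /* entry: 16x16, hotspot (1,1) */
    8,0,0,0,                        /* dwBytesInRes  = 8 */
    22,0,0,0,                       /* dwImageOffset = 22 */
    0,1,2,3,4,5,6,7 };
static const uint8_t wrap_cur[30] = {  /* same, but dwBytesInRes = 0xFFFFFFF0 */
    0,0, 2,0, 1,0, 16,16, 0,0, 1,0, 1,0,
    0xF0,0xFF,0xFF,0xFF, 22,0,0,0, 0,1,2,3,4,5,6,7 };
static const uint8_t oob_cur[30] = {   /* same, but dwImageOffset = 0x1000, past EOF */
    0,0, 2,0, 1,0, 16,16, 0,0, 1,0, 1,0,
    8,0,0,0, 0x00,0x10,0,0, 0,1,2,3,4,5,6,7 };

int main(void) {
    uint32_t n = 0;
    int rc = naive_alloc_size(wrap_cur, sizeof wrap_cur, 0, &n);
    printf("naive:   rc=%d alloc=%u bytes (wrapped from 0xFFFFFFF0+%u)\n", rc, n, HEADER_SLACK);
    rc = checked_alloc_size(wrap_cur, sizeof wrap_cur, 0, &n);
    printf("checked: rc=%d (IMG_ERR_OVERFLOW=%d)\n", rc, IMG_ERR_OVERFLOW);
    rc = checked_alloc_size(oob_cur, sizeof oob_cur, 0, &n);
    printf("checked: rc=%d (IMG_ERR_BOUNDS=%d)\n", rc, IMG_ERR_BOUNDS);
    return 0;
}
```

The two samples exercise the two independent checks: the wrapped size is caught by the overflow test before any allocation, and an offset past the end of the file is caught by the bounds test even when the size itself is tiny. The naive variant accepts all three files, which is exactly the property a drive-by page relies on.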
That's a lot of links... my Microsoft life seems a lot simpler to me... and the people writing the code actually have jobs ;~D
Security ping
Kerio has a free version of their firewall program here: http://www.kerio.com/us/kpf_download.html
IMO HijackThis is a bit powerful for the average user. Most of the time, when the automated tools don't work for someone, I steer them towards the SpywareWarrior.com forum, where they can find out more about HijackThis, and post their logs for expert help. (Better safe than sorry.)
Speaking of blasting computers with shotguns, http://www.homestarrunner.com/sbemail118.html
A little comic relief from one of the strangest sites out there.
Anti trojan. Free trial.
http://tds.diamondcs.com.au/
This is the reason I no longer visit Drudge's page. He should change the name of his page to the Popup and Spyware Report. Who knows what measures he is taking to make sure the pop ads he accepts are clean. And if you clear out your adware, then visit his site and check again, you can see he has dropped three to five spyware programs on your computer.
I'll wait until someone posts on FR what is on Drudge to see what he has to say. Too risky going to his page.
Thanks!
Yes, nearly two months ago. Anyone with automatic updates turned on should already have this.
I'm not as cocky about Firefox as I used to be, since we're starting to see malware and Trojans coded for it. It's still generally safer than IE, and better too IMO (tabbed browsing, among other things), but now that it's getting notice and market share, the script kiddies are starting to find its holes. No software is perfect.
}:-)4
Thanks again.
fyi
http://forums.majorgeeks.com/showthread.php?t=35407
Sometimes it requires more than just installing Ad-Aware and Spybot.
Thanks- I'll inform friends and relatives.
I rec'd an email from MSFT today which said that there will be no new security updates for the month of March.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.