Sep 15
11:23 am (UTC-7)   |   by Jasper Pimentel (Advanced Threats Researcher)

Spyware and adware often use the browser as a platform for execution. By installing themselves as browser helper objects (BHOs), they get a chance to run whenever the user fires up the browser to do some web surfing.

But this technique is no longer exclusive to such malicious programs. A rootkit can also register itself as a BHO, as in the case of TROJ_LINKOPTIM.G. Based on initial analysis, this Trojan is the rootkit component of TROJ_RKDICE.H. TROJ_LINKOPTIM.G connects to several URLs containing scripts that may compromise security on the affected system. As a security measure, these URLs are blocked from access. The Trojan also uses a dose of social engineering: it presents itself as a Network Monitor API of Microsoft, which is clearly a bogus claim.

A solution for this threat has already been deployed in CPR 3.748.06.
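
The BHO registration described above can be audited on a Windows host. The following is an added example, not Trend Micro's code: it lists every registered BHO from the standard registry locations, resolves the DLL behind each CLSID, and flags files that claim Microsoft in their version resource without a valid Microsoft signature. The `Review` heuristic and the output column names are assumptions of this example.

```powershell
# Added example: read-only audit of registered Browser Helper Objects.
# Run from a 64-bit PowerShell so both registry views are visible.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName
        $server = "$($view.Clsid)\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            # The key's default value is the DLL the browser loads for this BHO.
            $raw = (Get-Item -LiteralPath $server).GetValue('')
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables("$raw").Trim('"') }
        }
        $row = [pscustomobject]@{
            CLSID = $clsid; Dll = $dll; Company = $null; Description = $null
            Signature = 'FileMissing'; Signer = $null; Review = $true
        }
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $info = (Get-Item -LiteralPath $dll).VersionInfo
            $sig  = Get-AuthenticodeSignature -LiteralPath $dll
            $row.Company     = $info.CompanyName
            $row.Description = $info.FileDescription
            $row.Signature   = "$($sig.Status)"
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            # Heuristic (assumption of this example): a file that names Microsoft in its
            # version resource but lacks a valid Microsoft signature needs a closer look.
            $claimsMs = "$($info.CompanyName) $($info.FileDescription)" -match 'Microsoft'
            $signedMs = ($sig.Status -eq 'Valid') -and ($row.Signer -match 'O=Microsoft Corporation')
            $row.Review = ($sig.Status -ne 'Valid') -or ($claimsMs -and -not $signedMs)
        }
        $row
    }
}

$report | Sort-Object Review -Descending | Format-List
```

Because a rootkit can filter what a live system reports, the same registry keys are more reliably checked from an offline copy of the hive.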




© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice