Friday 13 November 2009

Koobface "Locks" Computer With Captcha

Koobface is still going strong. Here you can see it in action. It "locks" the computer and asks the user to solve a captcha:

Koobface asking you to solve a captcha

I've pasted the FreeFixer log from the infected system. Everything is malware except freefixer.exe:

FreeFixer v0.49 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-14 01:55


Registry Startups (3 whitelisted)
HKLM\..\Run, sysldtray = c:\windows\ld15.exe
HKLM\..\Run, Captcha7 = rundll "C:\Program Files\captcha.dll",captcha
HKLM\..\Run, sysfbtray = c:\windows\freddy73.exe

Processes (19 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
c:\windows\freddy73.exe

Recently created/modified files
8 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\WEGR55JE\v2googlecheck[1].exe
8 minutes, c:\Program Files\captcha.dll
8 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\v2captcha[1].exe
20 minutes, c:\WINDOWS\zwer_1258158897.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\v2googlecheck[1].exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\4HUF4TYN\v2captcha[1].exe
20 minutes, c:\WINDOWS\freddy73.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\O1EF052R\fb[1].73.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\get[1].exe
21 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\4HUF4TYN\ff2ie[1].exe
21 minutes, c:\WINDOWS\ld15.exe

End of FreeFixer log

No comments:

Post a Comment