Friday, 13 November 2009

Koobface "Locks" Computer With Captcha

Koobface is still going strong. Here you can see it in action. It "locks" the computer and asks the user to solve a captcha:

Koobface asking you to solve a captcha

I've pasted the FreeFixer log from the infected system. Everything is malware except freefixer.exe:

FreeFixer v0.49 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-14 01:55


Registry Startups (3 whitelisted)
HKLM\..\Run, sysldtray = c:\windows\ld15.exe
HKLM\..\Run, Captcha7 = rundll "C:\Program Files\captcha.dll",captcha
HKLM\..\Run, sysfbtray = c:\windows\freddy73.exe

Processes (19 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
c:\windows\freddy73.exe

Recently created/modified files
8 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\WEGR55JE\v2googlecheck[1].exe
8 minutes, c:\Program Files\captcha.dll
8 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\v2captcha[1].exe
20 minutes, c:\WINDOWS\zwer_1258158897.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\v2googlecheck[1].exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\4HUF4TYN\v2captcha[1].exe
20 minutes, c:\WINDOWS\freddy73.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\O1EF052R\fb[1].73.exe
20 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\get[1].exe
21 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\4HUF4TYN\ff2ie[1].exe
21 minutes, c:\WINDOWS\ld15.exe

End of FreeFixer log
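
One way to triage a log like this, as an added example that is not part of the original post or of FreeFixer: cross-reference each Run-key startup with the recently created/modified files and the running processes. The function names are hypothetical, and the sample is a constructed subset of the log lines above.

```python
import re
# Constructed sample: a subset of the lines from the FreeFixer log above.
SAMPLE_LOG = r"""Registry Startups (3 whitelisted)
HKLM\..\Run, sysldtray = c:\windows\ld15.exe
HKLM\..\Run, Captcha7 = rundll "C:\Program Files\captcha.dll",captcha
HKLM\..\Run, sysfbtray = c:\windows\freddy73.exe

Processes (19 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
c:\windows\freddy73.exe

Recently created/modified files
8 minutes, c:\Program Files\captcha.dll
20 minutes, c:\WINDOWS\zwer_1258158897.exe
20 minutes, c:\WINDOWS\freddy73.exe
21 minutes, c:\WINDOWS\ld15.exe
"""

PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll)', re.I)  # first .exe/.dll path
HEADERS = ("Registry Startups", "Processes", "Recently created/modified files")

def parse_sections(text):
    """Split the log into its sections, keyed by header name (hypothetical helper)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = next((h for h in HEADERS if line.startswith(h)), None)
        if header:
            current = sections.setdefault(header, [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(text):
    """Return (value name, target, file age, running?) for autoruns with a recent target."""
    s = parse_sections(text)
    recent = {}
    for line in s.get("Recently created/modified files", []):
        age, _, path = line.partition(", ")
        recent[path.lower()] = age  # Windows paths compare case-insensitively
    running = {p.lower() for p in s.get("Processes", [])}
    findings = []
    for line in s.get("Registry Startups", []):
        key_name, _, command = line.partition(" = ")
        m = PATH_RE.search(command)
        if m and m.group(0).lower() in recent:
            path = m.group(0).lower()
            findings.append((key_name.split(", ")[1], path, recent[path], path in running))
    return findings
```

An autorun whose target file appeared within minutes of the log being taken is a strong lead; all three Run entries in this log match that pattern.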
