Monday, January 5, 2009

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
int, syst, a, e, 1, 5, b, a

Possible filenames:
inta1b.dll, inta1a.dll, inta5b.dll, inta5a.dll, inte1b.dll, inte1a.dll, inte5b.dll, inte5a.dll, systa1b.dll, systa1a.dll, systa5b.dll, systa5a.dll, syste1b.dll, syste1a.dll, syste5b.dll, syste5a.dll

It displays alert messages with popups that download WinDefender 2009, and alert messages that redirect to a fake online scanner.

It also modifies Google results and drops Internet Shortcut files on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url
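
The filename dictionary and shortcut names above can be turned into a file-name indicator check. The following is an added example, not part of the original post or of SmitfraudFix; the grouping of the dictionary into four positions is inferred from the 16 listed names, and the function names and sample paths are constructed for illustration.

```python
import itertools
import ntpath
import re

# Dictionary components as listed in the post; the split into four
# positions is inferred from the 16 filenames the post enumerates.
PREFIXES = ("int", "syst")
SECOND = ("a", "e")
THIRD = ("1", "5")
LAST = ("b", "a")

# Shortcut names quoted in the post, lower-cased for comparison.
SHORTCUTS = {n.lower() for n in (
    "Cheap Pharmacy Online.url", "Cheap Software.url", "MP3 Download.url",
    "Search Online.url", "SMS Trap.url", "VIP Casino.url")}

def candidate_dlls():
    """Expand the dictionary into every possible DLL name."""
    return {"".join(parts) + ".dll"
            for parts in itertools.product(PREFIXES, SECOND, THIRD, LAST)}

# Equivalent anchored regex for tools that take patterns, not name lists.
DLL_RE = re.compile(r"^(int|syst)[ae][15][ab]\.dll$", re.IGNORECASE)

def classify(path):
    """Return 'dll', 'shortcut' or None for a Windows path string."""
    name = ntpath.basename(path).lower()  # Windows names are case-insensitive
    if name in candidate_dlls():
        return "dll"
    if name in SHORTCUTS:
        return "shortcut"
    return None

def scan(paths):
    """Return (path, kind) for every path whose file name is an indicator."""
    return [(p, k) for p in paths if (k := classify(p))]

# Constructed file listing; the directories are made up for the demo.
SAMPLE = [
    r"C:\example\SYSTE5A.DLL",
    r"C:\example\inta1c.dll",            # last letter not in the dictionary
    r"C:\example\Desktop\VIP Casino.url",
    r"C:\example\xinta1b.dll",           # longer name, must not match
    r"C:\example\notes.txt",
]

if __name__ == "__main__":
    for path, kind in scan(SAMPLE):
        print(kind, path)
```

A name match is a triage lead only; the short names are generic enough that a hit should be confirmed by other means before the file is removed.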

Use SmitfraudFix to remove the infection.