Thursday, December 11, 2008

IEDef family

IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
k, l, m, n, z, u, g, e

Possible filenames are:
kmzg.dll, kmze.dll, kmug.dll, kmue.dll, knzg.dll, knze.dll, knug.dll, knue.dll, lmzg.dll, lmze.dll, lmug.dll, lmue.dll, lnzg.dll, lnze.dll, lnug.dll, lnue.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcut files on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url
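
The sixteen filenames above are every combination of one letter per position (k or l, m or n, z or u, g or e). As an added example, not part of the original post, this Python sketch rebuilds that set and scans a directory tree for those DLL names and the shortcut names listed above. The directory layout in `demo()` is constructed, and a name match is only a lead to check, not proof of infection.

```python
import itertools
import os
import tempfile

# Per-position letter choices, read off the filename list on this page.
POSITIONS = ("kl", "mn", "zu", "ge")
DLL_NAMES = {"".join(p) + ".dll" for p in itertools.product(*POSITIONS)}

# Shortcut names listed on this page, lowercased for comparison.
SHORTCUT_NAMES = {
    "cheap pharmacy online.url", "cheap software.url", "search online.url",
    "sms trap.url", "vip casino.url",
}

def scan(root):
    """Return sorted (kind, path) pairs for files under root whose names match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows filenames are case-insensitive
            if lowered in DLL_NAMES:
                hits.append(("dll", os.path.join(dirpath, name)))
            elif lowered in SHORTCUT_NAMES:
                hits.append(("shortcut", os.path.join(dirpath, name)))
    return sorted(hits)

def demo():
    """Build a constructed directory tree (hypothetical layout) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("sys/KNUE.dll", "sys/kernel32.dll", "sys/kmzz.dll",
                    "Desktop/VIP Casino.url", "Desktop/notes.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return [(kind, os.path.relpath(p, root).replace(os.sep, "/"))
                for kind, p in scan(root)]

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```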

Use SmitfraudFix to remove the infection.