Thursday, December 18, 2008

IEDef family

The IE Defender/Files Secure/MalwareBell/IE Antivirus/Total Secure 2009 Codec has been updated. It installs a file with a semi-random filename composed from a dictionary:
fk, ul, im, in, jz, uv, g, e

Possible filenames:
fkimjzg.dll, fkimjze.dll, fkimuvg.dll, fkimuve.dll, fkinjzg.dll, fkinjze.dll, fkinuvg.dll, fkinuve.dll, ulimjzg.dll, ulimjze.dll, ulimuvg.dll, ulimuve.dll, ulinjzg.dll, ulinjze.dll, ulinuvg.dll, ulinuve.dll

It displays alert messages with popups that download WinDefender 2009.

It also drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, Search Online.url, SMS Trap.url and VIP Casino.url
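
The filename dictionary and the shortcut names above can be turned into a simple file-name check. This is an added example, not part of the original post or of SmitfraudFix; the post does not say where the DLL is installed, so the directories passed to `scan()` are an assumption left to the reader, and the sample tree in `demo()` is constructed.

```python
import itertools
import os
import tempfile

# Dictionary parts in the order listed in the post: one piece from each pair.
PARTS = [("fk", "ul"), ("im", "in"), ("jz", "uv"), ("g", "e")]
# Shortcut names from the post, lowercased for case-insensitive matching.
SHORTCUTS = {"cheap pharmacy online.url", "cheap software.url",
             "search online.url", "sms trap.url", "vip casino.url"}


def candidate_dlls():
    """All 2*2*2*2 = 16 DLL names that can be built from the dictionary."""
    return {"".join(combo) + ".dll" for combo in itertools.product(*PARTS)}


def scan(roots):
    """Walk each root; return sorted (kind, path) hits for DLL and shortcut names."""
    dlls = candidate_dlls()
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                lowered = name.lower()  # Windows file names are case-insensitive
                if lowered in dlls:
                    hits.append(("dll", os.path.join(dirpath, name)))
                elif lowered in SHORTCUTS:
                    hits.append(("shortcut", os.path.join(dirpath, name)))
    return sorted(hits)


def demo():
    """Constructed sample tree: two indicator names planted among benign files."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("sys/ULINuve.dll", "sys/kernel32.dll", "sys/fkimjz.dll",
                    "Desktop/VIP Casino.url", "Desktop/notes.url"):
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return [(kind, os.path.basename(p)) for kind, p in scan([tmp])]


if __name__ == "__main__":
    print(demo())
```

A match on name alone is only a lead: confirm any hit before removing files, since the check does not inspect file contents.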

Use SmitfraudFix to remove the infection.