Friday, January 30, 2009

IEDef family

The IEDef family codec has been updated; it now installs a file with a semi-random filename composed from a dictionary:
ju, lo, n, m, as, ix, t, z

Possible filenames:
junast.dll, junasz.dll, junixt.dll, junixz.dll, jumast.dll, jumasz.dll, jumixt.dll, jumixz.dll, lonast.dll, lonasz.dll, lonixt.dll, lonixz.dll, lomast.dll, lomasz.dll, lomixt.dll, lomixz.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security, and alert messages that redirect to a fake online scanner.

It also modifies Google results and drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url
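To check a file listing against the names above, the following added example (not part of the original post or of SmitfraudFix) rebuilds the DLL names from the dictionary and matches them, together with the shortcut names, case-insensitively. The four-slot grouping of the dictionary is inferred from the listed filenames, and the sample paths are constructed.

```python
import itertools
import ntpath

# Dictionary from the post, grouped into four slots
# (grouping is an assumption inferred from the listed filenames).
SLOTS = [("ju", "lo"), ("n", "m"), ("as", "ix"), ("t", "z")]

# Internet Shortcut names listed in the post, lowercased for comparison.
SHORTCUTS = {
    "cheap pharmacy online.url", "cheap software.url", "mp3 download.url",
    "search online.url", "sms trap.url", "vip casino.url",
}

def candidate_dlls():
    """Every DLL filename the dictionary can produce, lowercased."""
    return {"".join(parts) + ".dll" for parts in itertools.product(*SLOTS)}

def scan(paths):
    """Return (path, reason) for each path whose basename matches an indicator."""
    dlls = candidate_dlls()
    hits = []
    for p in paths:
        # Windows filenames are case-insensitive; ntpath handles backslashes on any OS.
        name = ntpath.basename(p).lower()
        if name in dlls:
            hits.append((p, "dictionary DLL name"))
        elif name in SHORTCUTS:
            hits.append((p, "dropped shortcut name"))
    return hits

# Constructed sample listing; the directories are arbitrary, the post
# does not state where the DLL is installed.
SAMPLE = [
    r"C:\WINDOWS\system32\JUMIXT.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\junas.dll",
    r"C:\Documents and Settings\user\Desktop\VIP Casino.url",
    r"C:\Documents and Settings\user\Favorites\News.url",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{reason}: {path}")
```

A filename match is only a lead for further inspection, since the names are short and an unrelated file could share one.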

Use SmitfraudFix to remove the infection.