Friday, February 13, 2009

IEDef family

The IEDef family Codec has been updated; it installs a file with a semi-random filename composed from a dictionary:
fe, gu, hy, jo, k, l, t, i

Possible filenames:
fehykt.dll, fehyki.dll, fehylt.dll, fehyli.dll, fejokt.dll, fejoki.dll, fejolt.dll, fejoli.dll, guhykt.dll, guhyki.dll, guhylt.dll, guhyli.dll, gujokt.dll, gujoki.dll, gujolt.dll, gujoli.dll

It displays alert messages with popups that download WinDefender 2009 or IE-Security, and alert messages that redirect to a fake online scanner.

It also modifies Google results and drops Internet Shortcuts on the desktop, in Favorites and in the Start Menu: Cheap Pharmacy Online.url, Cheap Software.url, MP3 Download.url, Search Online.url, SMS Trap.url and VIP Casino.url
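An added example, not part of the original post or of any tool it mentions: a Python check that expands the dictionary into the 16 possible DLL names and flags matching base names, plus the listed shortcut names, in a file listing. The slot order is inferred from the filenames listed above, and the sample paths are constructed.

```python
import itertools
import ntpath

# Slots inferred from the 16 filenames listed in the post (assumption:
# one token per slot, always in this order).
SLOTS = [("fe", "gu"), ("hy", "jo"), ("k", "l"), ("t", "i")]

# Internet Shortcut names listed in the post, lower-cased for matching.
SHORTCUTS = {
    "cheap pharmacy online.url", "cheap software.url", "mp3 download.url",
    "search online.url", "sms trap.url", "vip casino.url",
}


def candidate_dlls():
    """Return every DLL name the dictionary can produce."""
    return ["".join(parts) + ".dll" for parts in itertools.product(*SLOTS)]


DLL_NAMES = frozenset(candidate_dlls())


def classify(path):
    """Return 'dll', 'shortcut' or None for one Windows path.

    Only the base name is compared, case-insensitively: Windows file
    names ignore case and the post gives no install directory.
    """
    name = ntpath.basename(path).lower()
    if name in DLL_NAMES:
        return "dll"
    return "shortcut" if name in SHORTCUTS else None


def scan(paths):
    """Return (path, kind) pairs for the paths that match an indicator."""
    return [(p, k) for p in paths if (k := classify(p))]


if __name__ == "__main__":
    # Constructed listing; directories are placeholders, not from the post.
    sample = [
        r"C:\example\GUJOLI.dll",
        r"C:\example\kernel32.dll",
        r"C:\example\Desktop\VIP Casino.url",
        r"C:\example\fehyk.dll",
    ]
    for path, kind in scan(sample):
        print(kind, path)
```

A name match is only a lead for triage, since the post gives no hash or install path to confirm the file.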

Use SmitfraudFix to remove the infection.