Unknown Malware found csdiv.dll
From: Sven Carstens (sven.carstens_at_blinker-links.de)
Date: 06/29/04
- Previous message: Hubbard, Dan: "Scob infection statistics, etc.."
- Next in thread: Jim Halfpenny: "Re: Unknown Malware found csdiv.dll"
- Reply: Jim Halfpenny: "Re: Unknown Malware found csdiv.dll"
- Reply: Harlan Carvey: "Re: Unknown Malware found csdiv.dll"
- Reply: Jordan Wiens: "Re: Unknown Malware found csdiv.dll"
- Maybe reply: Sven Carstens: "Re: Unknown Malware found csdiv.dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Tue, 29 Jun 2004 15:49:19 +0200
Hi list,
a friend of mine caught some really pain in the ass piece of malware.
As I didn't find any references to it via google, I'm posting a link, so
the real experts out there have a new toy to play with.
Malware http://www.demoserver.de/csdiv.dll_malware
The file itself is not found by AdAware. But it seems after getting
started it drops some well known other parts which are recognized and
removed by AdAware.
The csdiv.dll is started on starting IE via an url like
res://csdiv.dll/index.html#
Anyway I didn't find the injection point in the registry and searching all
files on disk for the dll name brought nothing at all.
What it found was some logfiles, dated on 2004-06-28 (same date as the dll).
These seem to be some installer logfiles.
Logfile http://www.demoserver.de/logfile_malware
CU Sven
- Previous message: Hubbard, Dan: "Scob infection statistics, etc.."
- Next in thread: Jim Halfpenny: "Re: Unknown Malware found csdiv.dll"
- Reply: Jim Halfpenny: "Re: Unknown Malware found csdiv.dll"
- Reply: Harlan Carvey: "Re: Unknown Malware found csdiv.dll"
- Reply: Jordan Wiens: "Re: Unknown Malware found csdiv.dll"
- Maybe reply: Sven Carstens: "Re: Unknown Malware found csdiv.dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
