Unknown Malware 1
We recently came across a piece of fraudware on one of our client PCs. This one is your typical faux anti-virus application, which repeatedly nags the user to purchase it.
The good news is that this was not a case of Vundo; the malware appears to have been confined to a single user profile.
Only one EXE was found; once it was deleted the issue went away. We quarantined a sample and I submitted a copy to Anubis as well as Offensive Computing. Neither of these sites could identify what kind of malware it was.
The report from Anubis can be found here. The sample can also be found on Offensive Computing by searching for the md5sum: 6b833d23ddfae069883a3b562e0435ba
The malware seems to have set up its own proxy server and modified the proxy settings in Internet Explorer so that traffic went through it. This prevented us from visiting any sites besides the one the malware's authors had created.
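A quick check for this kind of per-user proxy hijack, added here as an example and not part of the original post: it reads the current user's WinINET proxy values (the ones Internet Explorer uses, stored under HKCU so they follow the profile), flags a proxy that points back at the local machine, and, on Windows 8 / Server 2012 or later, shows which process is listening on that port. The remediation lines at the end are commented out on purpose.

```powershell
# Added example: audit the current user's Internet Explorer proxy settings.
# These live under HKCU, which is why a hijack can be specific to one profile.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s = Get-ItemProperty -Path $key

$findings = @()
if ($s.ProxyEnable -eq 1) {
    $findings += "ProxyEnable=1, ProxyServer='$($s.ProxyServer)'"
    # A proxy on the loopback interface usually means a local process is
    # sitting between the browser and the network.
    if ($s.ProxyServer -match '(127\.0\.0\.1|localhost):(\d+)') {
        $port = [int]$Matches[2]
        $findings += "Proxy points at the local machine on port $port"
        # Get-NetTCPConnection needs Windows 8 / Server 2012 or newer;
        # on older systems use 'netstat -ano' and match the port by hand.
        $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        foreach ($c in $conn) {
            $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            $findings += "Listener on port $port is PID $($c.OwningProcess) ($($proc.Path))"
        }
    }
}
# A PAC URL or override list can redirect traffic without ProxyEnable being set.
if ($s.AutoConfigURL) { $findings += "AutoConfigURL='$($s.AutoConfigURL)'" }
if ($s.ProxyOverride) { $findings += "ProxyOverride='$($s.ProxyOverride)'" }

if ($findings.Count -eq 0) {
    'No proxy configured for this user profile.'
} else {
    $findings | ForEach-Object { "SUSPECT: $_" }
}

# Remediation: only after the offending EXE has been removed, otherwise the
# running malware will simply write the settings back.
# Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
# Remove-ItemProperty -Path $key -Name ProxyServer,AutoConfigURL -ErrorAction SilentlyContinue
```

Run it in the affected user's session, since HKCU resolves to whichever profile the shell is running as.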
I submitted a sample to Kaspersky’s Virus Labs for further analysis.
-G13