MSRT September '12 - Medfos, hijacking your daily search

From Botnets.fr


Botnet Medfos
Date 2012 / 10 Sep 2012 6:13 PM
Editor/Conference Microsoft
Link http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx (Archive copy)
Author Shawn Wang

Abstract

In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we add Win32/Medfos. This is a fairly new family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; for example, by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already-infected machine. As with a lot of other malware, Win32/Medfos drops itself into the %AppData% folder and adds a registry run key to reside in the system; if you want to know more details about this please refer to our Win32/Medfos family description.

Bibtex

 @misc{2012BFR1161,
   editor = {Microsoft},
   author = {Shawn Wang},
   title = {MSRT September '12 - Medfos, hijacking your daily search},
   date = {10},
   month = Sep,
   year = {2012},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx}},
 }