MSRT September '12 - Medfos, hijacking your daily search
(Publication) Google search: [1]
| MSRT September '12 - Medfos, hijacking your daily search | |
|---|---|
| |
| Botnet | Medfos |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 10 Sep 2012 6:13 PM |
| Editor/Conference | Microsoft |
| Link | http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx (Archive copy) |
| Author | Shawn Wang |
| Type | |
Abstract
“ In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we add Win32/Medfos. This is a fairly new family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; for example, by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already-infected machine. As with a lot of other malware, Win32/Medfos drops itself into the %AppData% folder and adds a registry run key to reside in the system; if you want to know more details about this please refer to our Win32/Medfos family description.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1161,
editor = {Microsoft},
author = {Shawn Wang},
title = {MSRT September '12 - Medfos, hijacking your daily search},
date = {10},
month = Sep,
year = {2012},
howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx}},
}