MSRT September '12 - Medfos, hijacking your daily search
MSRT September '12 - Medfos, hijacking your daily search | |
---|---|
Botnet | Medfos |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 10 Sep 2012 6:13 PM |
Editor/Conference | Microsoft |
Link | http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx (Archive copy) |
Author | Shawn Wang |
Type |
Abstract
“In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we add Win32/Medfos. This is a fairly new family, but it is continuously gaining big detection numbers around the world, especially in the United States. The initial Win32/Medfos infection is usually a downloader component that is distributed in different ways; for example, by visiting a compromised website that redirects to an exploit or by existing malware that downloads it to the already-infected machine. As with a lot of other malware, Win32/Medfos drops itself into the %AppData% folder and adds a registry run key to reside in the system; if you want to know more details about this please refer to our Win32/Medfos family description.”
Bibtex
@misc{2012BFR1161,
  editor = {Microsoft},
  author = {Shawn Wang},
  title = {MSRT September '12 - Medfos, hijacking your daily search},
  date = {10},
  month = Sep,
  year = {2012},
  howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx}},
}