12 November 2007

Myspace profiles link to security exploit

Recently the problems over at Myspace have received plenty of media attention. In short, some hacker has been able to add a background image covering the majority of many Myspace profile pages. If you click outside any of the clickable controls, you are taken to the hacker's web site, where you are asked to install some fake codes. More interestingly, the site also exploits a security hole in unpatched systems to automatically install software. The new software that appeared on the system after running into the exploit is listed below in red:

FreeFixer v0.22 log
http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-08-19 17:11

Browser Helper Objects
{8018729F-3F80-4555-973B-EED3F3E8E4CD}, , C:\WINDOWS\System32\crtdl.dll (Remove)

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/

Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Autostart shortcuts
msn_0711_upd072301.exe, , C:\Documents and Settings\All Users\Start-meny\ProgramAutostart\msn_0711_upd072301.exe (Remove)

Processes (13 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program\FreeFixer\freefixer.exe
C:\Program\hjt\HijackThis.exe

Drivers (26 whitelisted)
tcgsozgq, , C:\WINDOWS\System32\drivers\kleutrqq.dat (Remove)

Surprisingly, the majority of anti-virus programs do not detect these malware files.

FreeFixer deletes crtdl.dll and msn_0711_upd072301.exe without any difficulties. However, I had to use the Windows XP recovery console to remove the kleutrqq.dat device driver.
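
As an added example (not part of the original post and not FreeFixer's own code), the following Python script pulls the entries marked (Remove) out of a log like the one above and groups them by section, which gives a removal checklist for the three files named here. The section-header pattern and the "name, , path (Remove)" entry layout are assumptions inferred from this one excerpt.

```python
import ntpath
import re

# Excerpt of the log on this page (some header and process lines omitted),
# embedded so the example runs offline.
SAMPLE_LOG = r"""FreeFixer v0.22 log
Operating system: Windows NT 5.1
Browser Helper Objects
{8018729F-3F80-4555-973B-EED3F3E8E4CD}, , C:\WINDOWS\System32\crtdl.dll (Remove)
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/
Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
Autostart shortcuts
msn_0711_upd072301.exe, , C:\Documents and Settings\All Users\Start-meny\ProgramAutostart\msn_0711_upd072301.exe (Remove)
Processes (13 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe
Drivers (26 whitelisted)
tcgsozgq, , C:\WINDOWS\System32\drivers\kleutrqq.dat (Remove)
"""

# Assumption: a section header is letters and spaces only, optionally
# followed by "(N whitelisted)"; entry lines carry a path or registry key.
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)(?: \(\d+ whitelisted\))?$")
MARK = " (Remove)"  # suffix on the entries the log flags, as seen above


def flagged_items(log_text):
    """Return {section: [(name, path), ...]} for entries marked (Remove)."""
    section, found = None, {}
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
        elif section and line.endswith(MARK):
            # Entry layout in the excerpt: "name, <empty>, path (Remove)"
            fields = [f.strip() for f in line[:-len(MARK)].split(",", 2)]
            found.setdefault(section, []).append((fields[0], fields[-1]))
    return found


def flagged_files(log_text):
    """Sorted file names of all flagged entries, for a removal checklist."""
    items = flagged_items(log_text)
    return sorted(ntpath.basename(p) for rows in items.values() for _, p in rows)


if __name__ == "__main__":
    for sec, rows in flagged_items(SAMPLE_LOG).items():
        for name, path in rows:
            print(f"{sec}: {name} -> {path}")
```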
