Skip to content

Why donate?

Which type of operating system are you running?

12 November 2007

Myspace profiles links to security exploit

Recently the problems over at Myspace has got plenty of media attention. In short, some hacker has been able to add a background image covering the majority of many Myspace profile pages. If you click outside any of the clickable controls you will be taken to the hacker's web site where you are asked to install some fake codes, but more interestingly it also exploit a security hole in unpatched systems to automatically install software. The new software that apppeared on the system after running into the exploit are listed below in red:

FreeFixer v0.22 log
Operating system: Windows NT 5.1
Log dated 2007-08-19 17:11

Browser Helper Objects
{8018729F-3F80-4555-973B-EED3F3E8E4CD}, , C:\WINDOWS\System32\crtdl.dll (Remove)

Basic Internet Explorer settings
HKCU\..\Main, Start Page =

Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Autostart shortcuts
msn_0711_upd072301.exe, , C:\Documents and Settings\All Users\Start-meny\ProgramAutostart\msn_0711_upd072301.exe (Remove)

Processes (13 whitelisted)

Drivers (26 whitelisted)
tcgsozgq, , C:\WINDOWS\System32\drivers\kleutrqq.dat (Remove)

Suprisingly the majority of the anti-virus programs does not detect these malware files.

FreeFixer deletes crtdl.dll and msn_0711_upd072301.exe without any difficulties. However, I had to use the Windows XP recovery console to remove the kleutrqq.dat device driver.


ArthurT writes

-8 thumbs

Just to add...( to your hosts file)

Cut Them off at the pass. ( er .. HOSTS ).

# 13 Nov 2007, 14:54

Fred de Vries writes

Show comment -6 thumbs

Fred de Vries writes

Show comment -6 thumbs

Leave a reply