Sunday, April 09, 2006

New SpyAxe\SmithFraud Variant

A couple of new sites have been found using the same tactics as previous versions, pop ups which claim you are infected with something and homepage re-directs. The new sites are:
BestsecurityguideDOTcom securityfeatureDOTcom

New files and a BHO:
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hpAD57.tmp

The file names are not quite entirely new, Vundo infections use similar names, with the 'hp' followed by a random number and .tmp extention.

Users can still use the fix as previously recommended at Bleeping Computer

No comments: