« Top 6 Botnets... | Main | New Botnet on the Loose... »

Mega-D Trojan Analysis

Filed in archive Malware by Sue Walsh on February 29, 2008

Secure works has released an excellent analysis of the Ozdock/Mega-D trojan, whuch is responsible for creating and adding to the Mega-D botnet. Here is an excerpt:

Some sample Ozdok filenames are icf.exe, icf32.exe, cacglivn.exe, guyymgvl.exe and mm27nov.exe. The (phony) embedded file description is "Microsoft Internet Countermeasures Framework". The older variants usually install themselves to %windows%\system32\svchost.exe:exe.exe or a similarly named alternate data stream (ADS). These streams are hidden from normal listing in Explorer or a command shell. Startup at boottime is facilitated by the addition of a system service labeled "ICF". Additionally, the system firewall settings are modified to add svchost.exe as an authorized application. mm27nov.exe does not appear to contain code to set up persistence across reboots, so it may simply be an update intended to be executed by an existing instance of Ozdok.

Check out more here-this is a must read!

Permalink: Mega-D Trojan Analysis
Tags: Anti spam Server anti spam Anti spam for exchange Exchange spam Attachment spam Antiphishing Spam bl

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/115359

GFI Adds Support for January 2008 Microsoft Security Updates - 31 January 2008

Botnet Source Code For Overachievers - 02 February 2008

Security Software Industry Takes First Steps Towards Forming... - 05 February 2008

Sponsored Post: SPAM, Viruses and the Blacklisting of... - 19 February 2008

Vote for Mega-D Trojan Analysis:

Currently 7.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 7.0 out of 4 vote(s) cast.

CW Toolbar
RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Advertisement - Book yours here.

Contributors (Last 90 days)
Prakash Kannoth (4)
Sue Walsh (34)
Dameon Welch-Abernathy (2)
This site has 387 entries and is powered by Creative Weblogging since January 2006.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Discover I got Spam?! on your cell phone! Simply type the URL of your favorite blog in your mobile browser.

Advertise with us
Learn more about our advertising options, visit our shop or give Sonja a call at +1 (650) 331 8047.
NEW you can also chat with us.

Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.

Would you like to see your text link here? Let us know!

Advertisement
Book yours here.

Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Advertisement - Book yours here..

Add your response to Mega-D Trojan Analysis:
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to I got Spam?! newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Blog this at your site Mega-D Trojan Analysis:

Login*	Password*


Your blog system

Save your login data? (* Your login data are stored securely and encrypted)
Please enter a comment that will appear right after the post on your site:

Tell a friend about Mega-D Trojan Analysis
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

Mega-D Trojan Analysis

Filed in archive Malware by Sue Walsh on February 29, 2008

Related Entries:

Vote for Mega-D Trojan Analysis:

Add your response to Mega-D Trojan Analysis:

Blog this at your site Mega-D Trojan Analysis:

Tell a friend about Mega-D Trojan Analysis

Check out our Sponsored Blogs!

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Ecommerce & Internet

Disclaimer

Find more recent entries from our other publications:

The Social Networking Weblog

The Dating Weblog

Web 2.0

The Search Engine Weblog

Well Woman Blog

IfEnergy