Another round of rogueware

Today, we are seeing a surge in ridiculous and badly written Delphi malware. It’s not part of the Zlob family that we wrote about last week, but there certainly is a fakealert somewhere in there. Can you find it?

If you haven’t heard, and apparently some of our readers haven’t: in the course of trying to run videos on your system, you may be prompted to install what is really a phony video codec. One seems to be all the rage today, as it was at the very end of February, prompting the user to download and run “setup_axplugin.exe”.

This setup file may have a cute avi file icon once it is downloaded, as though it is going to install an appropriate piece of software to display that wholesome video you’re trying to view:

Setup_axplugin.exe drops and runs “sysockeu.exe” and a handful of other files, which copies out “mywallpaper.bmp” and reconfigures your system and desktop to display the bitmap file, along with its bad grammar and misspellings that you saw in the first screenshot above:

In turn, these guys are attempting to convince the user to install and pay for what we have been calling Vundo, another piece of “Rogueware”. It’s a trojan that doesn’t really clean up much of anything. From what we could tell, our clean lab systems that displayed this stuff weren’t really putting us in much danger at all.

One Response to Another round of rogueware

  1. Disk4mat says:

    I come across the ‘phony video codec’ a couple times a day. Mostly from adult web sites.
