Billps Tudios

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, 29 December 2007

Winter.exe comes in like a Lion

Posted on 12:39 by Unknown

Earlier this month I started to see an increase in requests for a file name Winter.exe. I didn't have a good feeling about this filename and our follow up research proved I was correct. Our friend Temerc has a good write up on this infiltration at his forum, Temerc Internet Countermeasures. The other exe’s that appear to be included are infos.exe, autos.exe and a few randomly created filename. Fortunately, they all show up in WinPatrols’ startup programs list. The filename bronto.dll showed up in our IE Helpers list.


Google has done a good job at making it easy for people to create Blogs, but in many ways, it’s too easy. A huge number of Google Blogspot, blogs are being created and have become host sites for this file and other malicious programs. I wrote earlier his month that Spamhaus was blocking any Email which included a Google blog in the content of the message. This was a dramatic step but has proved to be necessary.


Trend Micro is referring to these blog traps as “Poisonous Blogs”. There are a number of ways you might get to these blogs including…

  • A link to the Blog is included in a teaser Email.
    (Typically, it’s a greeting card, free product, drug or naked celebrity. This week we’ve frequently seen what claims to be video of Bhutto’s assassination)

  • The blog might show up in a typical Google search.
    (These sites are too new to be validated by programs like SiteAdvisor)

  • You click on the “Next” button on a Blogspot site.
    (This feature is disabled on Bits from Bill)

Our friends at SunbeltBlog have also written about this topic and show how easy it can be to run across these blog traps. Alex at Sunbelt provided some good screen shots and stresses how video “codec” scams are frequently used as an malware entry point.

If you see a message that says “You need to download new version of Video ActiveX Object to play this video file”, run away! Don't press cancel or even trust the red close box in the corner. Press Ctrl-Alt-Del and look at your list of processes. Select your browser( iexplore.exe or firefox.exe) and click on End Process.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Blogspot, codec, Google, storm, Winter | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Support for Downloads without Surprises
    Last week I posted a message about the  packaging of ad supported programs along with popular software. It appears to be a common practice t...
  • Employee Manual to Prevent Cryptolocker and More
    A common way computers are infected or compromised has always been a simple yet well thought out deception. It can happen to anyone and the ...
  • What on Earth is “Cloud” Computing
    The new big buzz word in the computing world is “Cloud” computing. In the past I’ve been critical of the concept and even poked fun at Cloud...
  • Why Dancing with the Stars is #1
    Are you wondering why the heck I’m talking about TV Shows? Well, it’s still a little all about tech and some of my past experiences. In the ...
  • WinPatrol Cloud Edition Public Beta
    WinPatrol Adds the Newest Technology Available. You’ll now have access the knowledge of thousands of WinPatrol users shared in real-tim...
  • SQLite C Code to Read Cookies
    While most of the technology leaking from my brain is for a wide audience, today’s post is very technical in nature. I expected the informat...
  • Free #1 Tweak to Improve Windows Performance
    Every year billions of dollars are spent by folks just trying to improve the performance of their computers. Over the last couple years ther...
  • Forget the DVD & Save on your New Laptop
    I’ve written before about the coming death of the CD/DVD ’s for data storage.  While that time hasn’t come yet for desktop there is one real...
  • TWITTER ALERT
    Anyone who uses Twitter, DO NOT use the Twitter web interface until further notice. There is a code injection vulnerability being used tha...
  • Security Software Doesn’t Fix Human Nature
    If you’re interested in PC Security, you’ll want to check a look at research recently compiled by the folks at PC Pitstop. Even I was surpri...

Categories

  • 2007
  • 3G
  • AAPL
  • ABC
  • accelerometer
  • Achilles
  • Acrobat
  • Activex
  • adobe
  • Ads
  • advertising
  • Adware
  • Adwords
  • Airlines
  • Albany Medical Center
  • algorithm
  • Amazon
  • amber alert
  • AMUST
  • Animation
  • antimalware
  • Antivirus 2009
  • antivirus2008
  • AOL
  • Apple
  • applets
  • AQuantive
  • archive
  • Aruba
  • ASC
  • Ask.com
  • ATI
  • Audio
  • Autorun
  • AutoUpdate
  • autoupdates
  • AVG
  • Azure
  • backup
  • badware
  • Bakugan
  • Baseball
  • battery
  • Ben Edelman
  • Beta
  • BillP
  • Birthdayware
  • Bitlocker
  • Blackberry
  • BlackViper
  • bloatware
  • Blogger
  • Blogs
  • Blogspot
  • Blu-ray
  • Bluehoo
  • bluetooth
  • boinc
  • Bonjour
  • Brazil
  • break
  • Breakaway games
  • Brookman
  • Browser wars
  • C64
  • camera
  • Carpal Tunnel
  • CBS News
  • cell phone
  • CES
  • charity
  • Child Safety
  • chinese
  • Chris Cook
  • Christmas
  • Chrome
  • CIPAV
  • clampi
  • Cloud
  • CNet
  • codec
  • comodo
  • conficker
  • Control Panel
  • copy
  • coupon
  • craplets
  • crapware
  • Crawford
  • credit
  • credit card
  • credit cards
  • ctfmon
  • daylight savings time
  • Dell
  • demo
  • Discount
  • Disney
  • DNS
  • Dollar
  • Domain
  • Donna
  • Doubleclick
  • Downadup
  • Dreamscene
  • droid
  • DVD
  • Dvorak
  • Easter egg
  • eclipse
  • Ed Bott
  • Edelman
  • egreeting
  • Email
  • Environment
  • Epilepsy
  • EU
  • eWeek
  • explorer
  • facebook
  • false positive
  • false-positive
  • FBI
  • file types
  • finnish
  • FiOS
  • Firefox
  • fireworks
  • fix
  • flash
  • Flashpix
  • Fort Drum
  • foxit
  • fraud
  • FTC
  • games
  • garmin
  • Gateway
  • GE
  • George Bush
  • Germany
  • global
  • Godmode
  • Google
  • Google Research
  • GotoMyPC
  • gps
  • green
  • Groceries
  • Habitat
  • Hacks
  • hallmark
  • Halo
  • hard drive
  • Harry McCracken
  • Harry Potter
  • Harvard
  • HD-DVD
  • help
  • hidden files
  • Hijack
  • History
  • Hiton
  • homeland security
  • Honor Flight
  • hosts
  • Hubble
  • IAC
  • ICANN
  • IE
  • IE6
  • IE7
  • IE8
  • installers
  • interface
  • Internet
  • IPAddress
  • iPhone
  • iPod
  • Iraq
  • iTouch
  • iTunes
  • java
  • Kaspersky
  • Kazaa
  • kenmore
  • key logger
  • keygen
  • Keylogger
  • Kosovo
  • LA
  • lady chalupa
  • langa
  • Laptop
  • lawsuit
  • Legoland
  • Levar Burton
  • Linksys
  • Little League
  • Live Writer
  • Live.com
  • localize
  • Logo
  • London
  • LOP
  • lottery
  • Lucasfilm
  • Macintosh
  • Malware
  • Marie Domingo
  • Mary
  • McCracken
  • Media
  • Memorial Day
  • mgrs.exe
  • Micosoft
  • Microsoft
  • Microsoft Surface
  • MiFi
  • mit
  • moon
  • Mossberg
  • Mothers Day
  • MPack
  • MSFT
  • msn
  • MTV
  • Multicore
  • Music
  • MVP
  • MVP09
  • nasa
  • NBC
  • Nero
  • Netbook
  • Network
  • network solution
  • New York
  • newsletter
  • Nintendo
  • Nintendo Wii
  • NNEDV
  • Norton
  • NYAG
  • OAuth
  • obama
  • Office
  • OLPC
  • Olympics
  • OpenDNS
  • oprah
  • optimize
  • optout
  • Paperghost
  • passwords
  • Patch
  • Patriot Flight
  • PC Guy
  • pc pitstop
  • PC World
  • pcmag
  • PCWorld
  • PDC
  • PDF
  • pedipaws
  • performance
  • phishing
  • photos
  • Photoshop
  • Pinnacle
  • Piracy
  • Pirillo
  • pogue
  • Porn
  • pornware
  • postcard
  • prediction
  • prefetch
  • Preview
  • Price
  • privacy
  • Prodigy
  • Programming
  • PSP
  • Public Relations
  • Pytlovany
  • Q-Link
  • Quicktime
  • quotes
  • radio
  • realnetworks
  • realplayer
  • RegCleaner
  • RegCure
  • regedit
  • Registry
  • registry cleaner
  • Release
  • remove
  • Research
  • return policy
  • review
  • RIAA
  • Rivera
  • RMS
  • Road Runner
  • rogue
  • router
  • RTM
  • Rumor
  • safari
  • safety
  • sale
  • Sales
  • Santa Monica
  • scam
  • Schenectady
  • Scoble
  • Scott Dunn
  • Scotty
  • sd
  • Search
  • Sears
  • Security
  • Services
  • seti
  • ShellExecute
  • Shirt
  • SimCity
  • site advisor
  • slingbox
  • snopes
  • social engineering
  • social network
  • solid state disk
  • Sounds
  • Sp3
  • space station
  • SPAM
  • spamhaus
  • Special
  • speedtest
  • Spyware
  • SSD
  • Startup
  • Stats
  • Steve Bass
  • stopbadware
  • storm
  • STS-125
  • Sugar
  • Sunbelt
  • support
  • Symantec
  • tagged
  • Task Catcher
  • Task Scheduler
  • taskbar
  • Tax
  • Techorati
  • techwatch
  • teens
  • temp
  • Thinkpad
  • Thurrott
  • tinyurl
  • Tips
  • TiVo
  • TLD
  • Today Show
  • Toolbar
  • toolbars
  • top ten
  • topten
  • toys
  • Translator
  • transunion
  • Tree
  • Trend Micro
  • tricks
  • trillian
  • Trojan
  • tweaks
  • twitter
  • UAC
  • UI
  • Ultimate
  • Unbox
  • Unboxed
  • update
  • Updates
  • upgrade
  • url
  • USB
  • Utility
  • Valentine
  • Verizon
  • versions
  • Veteran
  • Video Games
  • Vista
  • Vulnerability
  • wall-e
  • war
  • Washington
  • web2.0
  • Webslice
  • WGA
  • Widget
  • WiFi
  • Wii
  • WiiItis
  • wiimote
  • Win7
  • Windows 7
  • Windows Secrets
  • Windows Update
  • Windows7
  • WinPartrol
  • WinPatrol
  • winpatrolflash
  • WinPatrolToGo
  • Winter
  • Wireless
  • Wristband
  • WSJ
  • WWII
  • x64
  • Xbox
  • XO
  • XO Laptop
  • XOActivity
  • Xobni
  • xolaptop
  • XP
  • XP SP3
  • xp3
  • Yahoo
  • Zero Day
  • Zone Alarm
  • Zwinky

Blog Archive

  • ►  2013 (31)
    • ►  November (2)
    • ►  October (1)
    • ►  September (1)
    • ►  August (2)
    • ►  July (3)
    • ►  June (5)
    • ►  May (2)
    • ►  April (3)
    • ►  March (2)
    • ►  February (5)
    • ►  January (5)
  • ►  2012 (30)
    • ►  December (3)
    • ►  November (3)
    • ►  October (2)
    • ►  September (2)
    • ►  August (2)
    • ►  July (3)
    • ►  June (2)
    • ►  May (1)
    • ►  April (4)
    • ►  March (4)
    • ►  February (2)
    • ►  January (2)
  • ►  2011 (28)
    • ►  December (4)
    • ►  November (2)
    • ►  October (4)
    • ►  September (2)
    • ►  August (2)
    • ►  July (2)
    • ►  June (2)
    • ►  May (2)
    • ►  April (2)
    • ►  March (2)
    • ►  February (3)
    • ►  January (1)
  • ►  2010 (44)
    • ►  December (2)
    • ►  November (3)
    • ►  October (3)
    • ►  September (4)
    • ►  August (3)
    • ►  July (3)
    • ►  June (3)
    • ►  May (4)
    • ►  April (4)
    • ►  March (3)
    • ►  February (3)
    • ►  January (9)
  • ►  2009 (90)
    • ►  December (6)
    • ►  November (8)
    • ►  October (6)
    • ►  September (4)
    • ►  August (4)
    • ►  July (12)
    • ►  June (6)
    • ►  May (11)
    • ►  April (7)
    • ►  March (9)
    • ►  February (9)
    • ►  January (8)
  • ►  2008 (122)
    • ►  December (9)
    • ►  November (11)
    • ►  October (14)
    • ►  September (6)
    • ►  August (9)
    • ►  July (9)
    • ►  June (10)
    • ►  May (13)
    • ►  April (8)
    • ►  March (10)
    • ►  February (10)
    • ►  January (13)
  • ▼  2007 (155)
    • ▼  December (15)
      • Favorite Posts of 2007
      • Give One Get One While You Can
      • Winter.exe comes in like a Lion
      • Favorite New Christmas Toys
      • New Activities and Games at XOActivity.com
      • OLPC XO Laptop: Getting Started
      • OLPC Evaluation Guide - First Impressions
      • Playing with my OLPC Laptop
      • Malware is FREE on Wireless Networks
      • Spamhaus Blocks Google Bloggers
      • Don't Give In to Charity Spam
      • Commodore 64: 25th Anniversary Celebration
      • Visit Skywalker Ranch with CNet
      • Mysteries of SD Flash Cards Exposed
      • Two "Must Have" Camera Features
    • ►  November (14)
    • ►  October (12)
    • ►  September (14)
    • ►  August (12)
    • ►  July (13)
    • ►  June (11)
    • ►  May (19)
    • ►  April (17)
    • ►  March (21)
    • ►  February (7)
Powered by Blogger.

About Me

Unknown
View my complete profile