![]() ![]() The downloaded file is no longer named and is created from a random list (e.g. (Linkoptimizer just couldn’t ignore the latest Internet Explorer exploits for VML and WebFolderIcon components.) New obfuscated JavaScript with recent exploits are now used to install the Trojan. New distribution domains were added to the list because gained too much bad publicity! (Check out our updated Trojan.Linkoptimizer writeup for a list of the dangerous domains.) ![]() How do users get infected with Linkoptimizer/Gromozon variants? We noticed that the complicated distribution scheme of Trojan.Linkoptimizer (shown in Figure 1) introduced a few significant changes, compared to the original scheme of the previous blog article. Several new features and improvements were integrated into the latest incarnation of this Trojan by the authors, who are probably getting paid well for all of their efforts. What we had originally dubbed "spaghetti threats" now look much more like multi-layered "lasagna threats". Gromozon) and the Italian Spaghetti saga, there have been some significant developments. Since we last talked about Trojan.Linkoptimizer (a.k.a.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |