PDA

View Full Version : Malware being downloaded by KoC...



OzymandiasIV
22nd March 2006, 12:04 PM
I don't know which advertiser is doing it, but the past two days I've had malware downloaded onto my machine using IE.

I keep getting the TROJ_DLOADER.BWJ into my temporary internet files.
Malware type: Trojan
Aliases: Downloader-RK, Win32/SillyDl.AEI
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
Overall risk rating: Low
Reported infections: Low
Damage potential: Medium
Distribution potential: Low

Description: A Trojan application is a malware with no capability to spread into other systems. It is usually downloaded from the Internet and installed by unsuspecting users. This Trojan is the Dynamic Link Library (DLL) component of other malware or grayware. It is used to support the malicious routines of the said malware or grayware. Upon execution, this Trojan creates several registry keys as part of its installation routine.

Computers infected since February 21, 2006
North America 2,130
Europe 61
Asia 26
Australia and New Zealand 1
Africa 0
South America 0
Total 2,218

Can we please stop this?


:redcard:

Xull
22nd March 2006, 12:25 PM
There is a thread in the great hall on how to report it...
and as for what else to do, if you have xp, consider installing sp2... it'll help.
and regardless of your os, you don't have to use ie...

ricky326123
22nd March 2006, 12:57 PM
HA HA HA USING IE!!!! ROFL ROFL ROFL IE

www.getfirefox.com

Xull
22nd March 2006, 02:35 PM
HA HA HA USING IE!!!! ROFL ROFL ROFL IE

www.getfirefox.comWould you mind being a bit more constructive and less bashing? such as saying WHY?

Its because of this kind of attitude that I have that site blocked... systemwide.

Anyway, a system with all updates shouldn't have as much of a problem with malware (even with ie :P) yes, soe software wasn't as compatible with sp2, but sp2 has been around for a while now...
Also if you want to be on the safe side, add the ad sources for koc (such as adserver.kingsofchaos.com) to a no-scripting group... If it can't run anything, it can't cause much trouble either :P

OzymandiasIV
22nd March 2006, 03:06 PM
I appreciate the response, my network admin at uni blocks all browsers but IE (and Opera but only because I suspect they haven't thought of it).

For a network user like me, setting up scripting is something I may not even have rights to do. I'm just really upset that we even need to be having this conversation...

Xull
22nd March 2006, 04:26 PM
thats odd... they block everything but ie?!
hmmm how do they block it?
If its by useragent, you can change that ;)

STARBLASTER
23rd March 2006, 04:36 PM
Any these are ALL via KOC ads.
I cleaned once to test.
Removed all spyware, loaded KOC home page, closed the page, scanned again for spyware and found 12 of the bastards.
Sure glad they 'aren't' malicious.