Thursday, December 4, 2008

What your antivirus isn't telling you part II

If my last post on this subject wasn't clear, here's an illustration:

12/2/08 - The Hallmark/Coke/McDonald's postcard/promotions/coupon malware was being sent via email.

12/2/08 - Malware was submitted at 3:30pm

12/2/08 - At 6:15pm the malware was classified as "downloader" by Symantec.

The definition of downloader?

Downloader connects to the Internet and downloads other Trojan horses or components.

What does that malware actually do?

It spreads in multiple ways:
Reads your address books and emails the malware
Copies itself to USB media

It also:
Is a keylogger
Opens a backdoor
Phones home over port 80
Injects itself into explorer.exe
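Two of the behaviours above, the injection into explorer.exe and the phone-home over port 80, are visible on the host long before a vendor renames the sample. The following is an added example, not code from the original post or from any vendor: a small Python detector that reads constructed, Sysmon-style network-connection log lines (timestamp, process image, destination IP, destination port) and flags a shell process such as explorer.exe that connects to the same web-port destination repeatedly at a regular cadence. The log format, the hostnames and addresses, and the thresholds (`min_hits`, `jitter`) are all assumptions made for the example.

```python
"""
Added example: beacon detection over constructed host network logs.
Flags explorer.exe (normally a poor candidate for regular outbound HTTP)
phoning home on port 80 at a steady interval. Everything below is
constructed for illustration; it is not the original post's code.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample log: timestamp | process image | dest IP | dest port.
# The first, third and fourth lines are the beacon; the others are benign noise.
SAMPLE_LOG = """\
2008-12-02 18:20:01|C:\\Windows\\explorer.exe|203.0.113.10|80
2008-12-02 18:20:03|C:\\Program Files\\Internet Explorer\\iexplore.exe|198.51.100.7|80
2008-12-02 18:25:01|C:\\Windows\\explorer.exe|203.0.113.10|80
2008-12-02 18:30:02|C:\\Windows\\explorer.exe|203.0.113.10|80
2008-12-02 18:31:00|C:\\Windows\\explorer.exe|192.168.1.5|445
"""

LINE_RE = re.compile(r"^(?P<ts>[^|]+)\|(?P<image>[^|]+)\|(?P<dip>[^|]+)\|(?P<dport>\d+)$")

# Processes that should rarely originate periodic web traffic (assumption).
SHELL_IMAGES = {"explorer.exe"}
# The post's sample used port 80; extend this set if your environment differs.
WEB_PORTS = {80}


def parse_log(text: str) -> List[Dict]:
    """Parse the pipe-delimited lines; malformed lines are skipped, not fatal."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            # keep only the file name so the rule is path-independent
            "image": m["image"].rsplit("\\", 1)[-1].lower(),
            "dip": m["dip"],
            "dport": int(m["dport"]),
        })
    return events


def find_beacons(events: List[Dict], min_hits: int = 3, jitter: float = 0.25) -> List[Dict]:
    """Group web-port connections from shell processes by destination and
    report any destination hit at least min_hits times; a group whose
    inter-connection gaps all lie within +/- jitter of the mean is marked
    'regular', the hallmark of a timer-driven phone-home loop."""
    groups = defaultdict(list)
    for e in events:
        if e["image"] in SHELL_IMAGES and e["dport"] in WEB_PORTS:
            groups[(e["image"], e["dip"], e["dport"])].append(e["ts"])

    findings = []
    for (image, dip, dport), stamps in groups.items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        regular = all(abs(g - mean) <= jitter * mean for g in gaps)
        findings.append({
            "image": image,
            "dest": f"{dip}:{dport}",
            "hits": len(stamps),
            "interval_s": int(mean),
            "regular": regular,
        })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f)
```

On the constructed log this reports one finding: explorer.exe reaching 203.0.113.10:80 three times about 300 seconds apart. The rule is deliberately narrow; explorer.exe does make legitimate network connections (the port 445 line is left unflagged for that reason), so in practice the destination and the process's parent would be the next things to check before treating a hit as an infection.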


For 24 hours this was detected as "downloader", yet it is clearly more than that. In fact it was eventually given its own name, W32.ackantta@mm.

24 hours is enough time to do a good amount of damage, depending on where this thing is installed.