Wednesday, March 25, 2009

Quickpost - new malware

New malware uploaded this evening. It's been causing problems everywhere.

Symantec calls this TidServ.G. It poisons DHCP and DNS and redirects DNS to the Ukraine. This is the latest in DNS/DHCP poisoning malware.

I call it exemplar18 ;)

A quick word about the graphic (being a graphical person):

The screenshot above is from HBGary's Responder Pro looking at the memory dump. Note the loop on the left-hand side? That's an awesome representation of an 'if' loop that is checking if the host is running security software (anti-malware). The malware will kill that software.