|
North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Israeli ISP's experience broadband dialer malware outbreak
- From: Gadi Evron
- Date: Wed Dec 22 11:32:39 2004
I received several notices today from fellow ISP's, originally from an
Israeli ISP's security information sharing mailing list, that several
large Israeli ISP's experience an outbreak that cause tech support lines
to overflow.
Basically, this malware appears to change dialer configuration for
broadband users. "Advanced" setting is turned back to "Basic", Local
Area Connection is being played with, the user name is changed to
<random number>username, etc.
The users get the following errors: 734 ,769, 789 or 800.
On the press, several rumors are circulating:
1. This thing is from Kazaa.
2. Process names are: chksp2.exe, sp2ctr.exe and glwgmgeb.exe.
3. Also, this link has been provided:
http://www.sophos.com/virusinfo/analyses/trojdlucam.html
We haven't yet got my hands on a sample, but I hope to have one soon.
I haven't seen any chatter about this in AV forums.. and for now it
seems to be limited to Israel unless someone can inform me differently?
Gadi.
|
|
|
