upb
November 20th, 2006, 06:07
interesting news report: http://www.itwire.com.au/content/view/7216/127/
I had a look at their 'disinfector', and what it seems to be doing is just:
1) kill ac.exe
2) delete ac.exe, ac.dll ac.lnk
3) remove a rule from registry that direct incoming smses to some com object
4) deregister that com object.
To me it seems there is no vulnerability or anything, they just install a trojan that registers itself in incoming sms hook and performs actions on received sms.
Thoughts?
I had a look at their 'disinfector', and what it seems to be doing is just:
1) kill ac.exe
2) delete ac.exe, ac.dll ac.lnk
3) remove a rule from registry that direct incoming smses to some com object
4) deregister that com object.
To me it seems there is no vulnerability or anything, they just install a trojan that registers itself in incoming sms hook and performs actions on received sms.
Thoughts?