본문 바로가기
신종악성코드정보

파이어폭스 애드온으로 설치되는 악성코드

by viruslab 2009. 9. 4.


감염된 상태에서 파이어폭스를 실행하면 다음과 같이 가짜 Adobe Flash Player 0.2 확장 기능처럼 위장하는 신규 부가기능이 설치되었다는 화면이 보여집니다.

http://blog.trendmicro.com/firefox-addo-spies-on-google-search-results/

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_EBOD.A

http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_EBOD.A

http://vil.nai.com/vil/content/v_218725.htm

http://www.threatexpert.com/report.aspx?md5=55e99dd8240b8e773e1bcb8110d0034a

http://www.virustotal.com/analisis/4d2dcbc40ad20fd3d59ab20c06319c48f6f277376151444523bd235e1d9d8f90-1251205883

http://blog.ahnlab.com/asec/110

http://www.virustotal.com/analisis/cbb6af2759d87ae490440436b48836bc9f37121a7d3c811ede2262bf5fdf98f2-1251871508

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.02 Trojan-Spy.JS.FFSpy!IK
AhnLab-V3 5.0.0.2 2009.09.01 -
AntiVir 7.9.1.7 2009.09.01 DR/Spy.FFSpy.A.2
Antiy-AVL 2.0.3.7 2009.09.01 Trojan/JS.FFSpy
Authentium 5.1.2.4 2009.09.02 W32/FFSpy.A
Avast 4.8.1335.0 2009.09.01 -
AVG 8.5.0.406 2009.09.02 -
BitDefender 7.2 2009.09.02 Trojan.Spy.FFSpy.A
CAT-QuickHeal 10.00 2009.09.02 -
ClamAV 0.94.1 2009.09.02 -
Comodo 2173 2009.09.02 TrojWare.Win32.TrojanDropper.FFSpy.~A
DrWeb 5.0.0.12182 2009.09.02 Adware.FF.1
eSafe 7.0.17.0 2009.09.01 Win32.Dropper
eTrust-Vet 31.6.6715 2009.09.01 Win32/VMalum.FYCH
F-Prot 4.5.1.85 2009.09.01 W32/FFSpy.A
F-Secure 8.0.14470.0 2009.09.02 Trojan-Spy.JS.FFSpy.a
Fortinet 3.120.0.0 2009.09.02 W32/Surldoe.CA85!tr
GData 19 2009.09.02 Trojan.Spy.FFSpy.A
Ikarus T3.1.1.68.0 2009.09.02 Trojan-Spy.JS.FFSpy
Jiangmin 11.0.800 2009.09.02 TrojanSpy.JS.c
K7AntiVirus 7.10.833 2009.09.01 -
Kaspersky 7.0.0.125 2009.09.02 Trojan-Spy.JS.FFSpy.a
McAfee 5727 2009.09.01 -
McAfee+Artemis 5727 2009.09.01 Artemis!3C9AAC8C8C7A
McAfee-GW-Edition 6.8.5 2009.09.02 Heuristic.BehavesLike.Win32.Trojan.H
Microsoft 1.5005 2009.09.02 TrojanDropper:Win32/Updobe.A
NOD32 4387 2009.09.01 JS/Spy.FFSpy.A
Norman 2009.09.01 -
nProtect 2009.1.8.0 2009.09.01 Trojan/W32.Agent.55902.C
Panda 10.0.2.2 2009.09.01 -
PCTools 4.4.2.0 2009.08.31 -
Prevx 3.0 2009.09.02 -
Rising 21.45.14.00 2009.09.01 -
Sophos 4.45.0 2009.09.02 -
Sunbelt 3.2.1858.2 2009.09.01 -
Symantec 1.4.4.12 2009.09.02 Trojan.Dropper
TheHacker 6.3.4.3.395 2009.09.02 -
TrendMicro 8.950.0.1094 2009.09.02 TSPY_EBOD.A
VBA32 3.12.10.10 2009.09.01 Trojan-Spy.JS.FFSpy.a
ViRobot 2009.9.2.1912 2009.09.02 Spyware.FFSpy.55902
VirusBuster 4.6.5.0 2009.09.01 -
Additional information
File size: 55902 bytes
MD5   : 3c9aac8c8c7ad410b6c312c42e42add2
SHA1  : c241b4ac7cffac27a5c04bac68a9e402146d6dfd

사용자 삽입 이미지





댓글0