
New IncrediMail threat

2 replies to this topic

#1 TsVk! (penguin farmer)

  • Members
  • 6,230 posts
  • Gender: Male
  • Location: The Antipodes

Posted 22 May 2013 - 12:31 AM

Hey guys...

A new threat that I haven't seen before in this form is an IncrediMail threat. I find no information on this particular infection online, so be aware.

It has set up an installer from a drive-by cache/download (which the user accepted, thinking it was an intranet update) and is attempting to 'dial' out. It has changed proxy settings and greyed out all the network and proxy options in Firefox and IE. Fortunately it got pulled up by our proxy and firewall, so no payload was delivered. Not knowing what the payload is, only the vector, doesn't help much, I know... There are extra processes installed, but I haven't analyzed or cleaned the machine yet to know anything other than that they are hidden.

So... there it is. I'm just hoping it's not in more of my machines... I really don't need this now.

Perion... based in Israel, is the 'developer' of IncrediMail, and also the 'developer' of SweetIM... which is a big part of the Sweetpacks browser-jacking and spyware infection. Typical corporate cyber-crime.

http://www.dailyfina...or-conferences/

Getting rich by having a toolbar as the main 'monetizing' feature, hmmm.

#2 Orange Blossom (OBleepin Investigator)

  • Moderator
  • 36,854 posts
  • Gender: Not Telling
  • Location: Bloomington, IN

Posted 22 May 2013 - 01:03 PM

Many free versions of software generate revenue through ads and so forth. While annoying, these aren't considered infections or malware. Toolbars can generally be uninstalled. Often, you can prevent the toolbars from being installed by using a custom installation. The installers used in installing the software you want are often unclear in just what they're going to install, so careful reading is necessary.

~ OB

#3 TsVk! (penguin farmer)

  • Topic Starter
  • Members
  • 6,230 posts
  • Gender: Male
  • Location: The Antipodes

Posted 22 May 2013 - 04:08 PM

Absolutely, the Ask toolbar is a great example. Annoying, system-clogging, useless 'features' which bring down your browser. Just by uninstalling it and resetting your browser you are free, though... This is not so with Sweetpacks; it requires malware removal tools. It's kind of like a tattoo: you probably won't like it after a while, and it's hard to get off.
