This hijack typically begins with the following file opened up from the web:

If the file is allowed to execute on the PC, then depending on which files the bundle is rotating for download at the time of install, you may well see the dreaded Blue Screen Of Death (or BSOD to its friends).
However, all is not what it seems. While the end-user is faced with the horrors of the BSOD, behind the scenes malware is installing by the bucketload. How is this possible, I hear you cry? Surely if the PC has crashed, nothing can be installing?
Not in this case, because the blue screen of death is fake - to be more accurate, the bad guys have taken the Sysinternals Blue Screen of Death screensaver and bundled it in with the hijack files. This is what the .scr file looks like on the PC:

And this is what you see if you explore the code:


It seems the bad guys are not without a sense of humour. Hiding a blizzard of infection file installs behind a legitimate screensaver created by a security expert is pretty bizarre. Here is the registry entry created:
Meanwhile, here are just some of the files installed onto the PC during the download:
The PC pretty much grinds to a halt while all of this is taking place:

When the computer finally comes back under your control, you can expect to see numerous warnings related to fake antispyware programs appearing all over the desktop: