 |
 |
 |
| The name might seem different, but Mosquito Geeks, Inc.provides practical solutions to help businesses utilize information systems more efficiently and effectively. |
|
|
|
|
|
 |
|
 |
| Mosquito Geeks, Inc. offers an affordable and reliable on-site technical support for both your home and business. |
|
|
|
|
| |
|
 |
|
 |
| We provide affordable, yet professional web services in Web Site Development |
|
|
|
|
|
 |
|
 |
| Your site is hosted with the reliability and performance you need. |
|
|
|
|
| |
|
 |
|
 |
| Protect you data with Mosquito Geeks Remote Backup Service |
|
|
|
|
|
|
|
12/26/2005
Spyware.Sesui.
Behavior
Spyware.Sesui is a spyware program that gathers sensitive information and registers a pornographic service without notification.
Symptoms
Your Symantec program detects Spyware.Sesui.
Transmission
This security risk can be manually installed.
When Spyware.Sesui is installed, it performs the following actions:
- Gathers email addresses and user names from the compromised computer, and attempts to send this information to a predetermined email address on the se-sui.com domain.
- Adds the value:
"Start Page" = "[http://]se-sui.com/[REMOVED].php?m=[EMAIL ADDRESS]0&n=[USER NAME]-l"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
in order to redirect the Internet Explorer home page to a Web site on the se-sui.com domain.
Note: This results in an attempt to register a pornographic service.
- Attempts to open a WMV file from [http://]se-sui.com/[REMOVED]/movie/
- Creates the file [JAPANESE CHARACTERS].txt on the Windows desktop, which asks the user to pay a fee for the pornographic service registered above.
Note: The variable [JAPANESE CHARACTERS] may be displayed as a string of random characters on compromised computers that do not have a Japanese language operating system installed.
|
|
| |
|
|