North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Israeli ISP's experience broadband dialer malware outbreak
I received several notices today from fellow ISP's, originally from an Israeli ISP's security information sharing mailing list, that several large Israeli ISP's experience an outbreak that cause tech support lines to overflow.
Basically, this malware appears to change dialer configuration for broadband users. "Advanced" setting is turned back to "Basic", Local Area Connection is being played with, the user name is changed to <random number>username, etc.
The users get the following errors: 734 ,769, 789 or 800.
On the press, several rumors are circulating:
1. This thing is from Kazaa.
2. Process names are: chksp2.exe, sp2ctr.exe and glwgmgeb.exe.
3. Also, this link has been provided: http://www.sophos.com/virusinfo/analyses/trojdlucam.html
We haven't yet got my hands on a sample, but I hope to have one soon.
I haven't seen any chatter about this in AV forums.. and for now it seems to be limited to Israel unless someone can inform me differently?