Swim in $$$ = Swim with Sharks!

Filed Under: SophosLabs

"Im ************, i swim in money $$$
I want you to swim with me!!! send this file to all friends and join me!!"


If you are swimming with Troj/Nymod-A and looking at what appears to be the random picture of some person (:P), you are definitely swimming with the sharks. Troj/Nymod-A drops a file called ^^^^^.exe (proactively detected by Sophos as Mal/Basine-C) and sets it to autostart every time you reboot your computer. ^^^^^.exe monitors its own process and simply respawns itself if you kill the running ^^^^^.exe process. Finally, it tunnels through your firewall and contacts a remote server whose domain ends in ".ru"! This has opened your computer to the $$$ sharks, who might steal information from you or steal your computer's resources = $$$ for them.
