A little something Old Skool

Filed Under: Malware, SophosLabs

It's getting more and more rare in the lab these days to see a genuinely pointless piece of malware that makes no attempt whatsoever to extract cash from its victims, but we spotted one this morning. We received an exe file, 'hilariously' named "dontopen.exe". Obviously we recommend that you resist the temptation to open an unknown file like this one, but naturally I couldn't! Of course, we have secure systems for this very purpose: we open them so you don't have to.

When you open the exe, it drops a batch file which displays the following message and shuts your computer down in 60 seconds (note: we simply set the clock back to allow us more time to play with/mock the file).

[Image: screenie.JPG, screenshot of the message displayed by the batch file]

That's all, folks! We detect both the executable and the batch file as Troj/Shutdown-I.

Feeling old and out of touch with the script kiddies who write these things, I have to confess I have no idea what a kulit is - Googling it brings up lots of references to, of all things, Indonesian shadow puppets. If I'm being insulted, I'm blissfully unaware how.
