Malware writer got infected!
Monday February 26, 2007 at 1:22 pm CST
Posted by Pedro Bueno
It is funny to pick on malware writers…I like it…
This time I would like to recommend that they use anti-virus as well, otherwise they can also be infected !
There is no honor among malware writers and we know that. Today I was looking at a file downloaded by what was looking like a common PWS-Banker.dldr (a downloader for Password Stealer Bankers). While doing some analysis on the file, another virus detection came out: W32/Gael.worm.a. This one is a parasitic virus. This made it a bit more suspicious because it is not common to see a PWS-Banker downloader downloading a parasitic virus (really different skills). So, I attempted to clean it to try to make things a bit more clear. I cleaned the file and BINGO! Another file came out, detected as PWS-Banker.gen.q!
Which means that the malware created/bought by the malware writer was infected or he/she got infected before posting the file on the site to be downloaded…
Yeah, my job is tooo funny!

March 2nd, 2007 at 5:56 am
Pedro, have you considered that the malware author infected the file himself to try to prevent being detected as a PWS-Stealer?
PS: Something tells me that your job is funny but used to be funnier in the past. I’m sure about that. =)
Sandro.