In yet another Marguerite-esque scheme, a file being presented as an mp3 codec is not a codec. Not surprisingly, the file turning up in the ThreatFire community is related to crack sites and p2p networks.

When run, this little fsg packed executable crashes. Before it does, it sends information to a web server about the user’s workstation, and injects an adware component into explorer.exe. Always exercise caution around these sorts of networks. We’ll post more details here soon.

This entry was posted on Tuesday, January 6th, 2009 at 11:19 am and is filed under Adware, Social Engineering. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.