Posted by Virus Bulletin on Sep 5, 2006
Cleaner tool aims to remove sophisticated attack.
The shadowy blended threat known as Gromozon has slowly been gaining notoriety in recent weeks, particularly after some in-depth analysis was made public. Now anti-malware company PrevX has released a free, dedicated remover tool to combat the problem.
The threat has spread from an Italian website over several months, and uses a variety of highly sophisticated methods of infection, including various social engineering techniques and exploit attempts, which vary depending on the browser used to access the site, as well as obfuscated code to hamper analysis. It installs diallers, downloaders and adware on infected machines, all heavily stealthed by the accompanying rootkit technology.
The PrevX removal tool can be downloaded here. Read a blog entry on the threat from Symantec's Eric Chien here, and check the latest version of Marco Giuliani's analysis (in PDF format) here.
Posted on 5 September 2006 by Virus Bulletin
