Gromozon spreads and attack a virus researcher

From: http://sunbeltblog.blogspot.com/2006/11/gromozon-blowback.html
--------------------
Gromozon is a vicious piece of malware which installs on a user's PC
and does almost every craft trick available to avoid detection and
removal, including creating its own user account, using rootkit
technology, renaming its files, and a whole host of other nasty things.
 And it's certainly popping up on the radar out there in the security
community.

But now these Gromozon jerks have gone a step further - making the
program itself seem like it's authored by someone else - a
legitimate security researcher.

Of all things, the authors of this malware have inserted code in
Gromozon which implicates Marco Giuliani of authoring it!  Marco is a
perfectly upstanding security researcher who, in fact, created a
Gromozon removal tool for PrevX.
--------------------

http://www.pcalsicuro.com/main/2006/11/gromozon-ora-va-sul-personale/


Re: Gromozon spreads and attack a virus researcher


| From: http://sunbeltblog.blogspot.com/2006/11/gromozon-blowback.html
| --------------------
| Gromozon is a vicious piece of malware which installs on a user's PC
| and does almost every craft trick available to avoid detection and
| removal, including creating its own user account, using rootkit
| technology, renaming its files, and a whole host of other nasty things.
|  And it's certainly popping up on the radar out there in the security
| community.
|
| But now these Gromozon jerks have gone a step further - making the
| program itself seem like it's authored by someone else - a
| legitimate security researcher.
|
| Of all things, the authors of this malware have inserted code in
| Gromozon which implicates Marco Giuliani of authoring it!  Marco is a
| perfectly upstanding security researcher who, in fact, created a
| Gromozon removal tool for PrevX.
| --------------------
|
| http://www.pcalsicuro.com/main/2006/11/gromozon-ora-va-sul-personale/

The above is all TOO real.

Marco authored "The strange case of Dr.Rootkit and Mr.Adware" on or
about Aug. 23 which fully discusses this malware and distribution
methodology.  He does indeed work for Prevx and helped author their
Gromozon removal tool and has been on top of this subject matter for
numerous months.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Gromozon spreads and attack a virus researcher

Does anyone have a download link to a file containing it? I simply want
to... dissect it a bit.
Don't post it here though, obviously; email it to me.


Re: Gromozon spreads and attack a virus researcher

Ze Muffinman wrote:

please don't troll for malware here... it encourages the uncontrolled
distribution of malware and that enables people to spread it maliciously...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Gromozon spreads and attack a virus researcher


| Does anyone have a download link to a file containing it? I simply want
| to... dissect it a bit.
| Don't post it here though, obviously; email it to me.

Forget it!

It is far too advanced for you and is a multi-blended threat.  It is a
combination of a RootKit Trojan and non-viral malware using alternate
data streams, reserved file names and other techniques.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Gromozon spreads and attack a virus researcher

<snip>
It is far too advanced for you
<snip>

Ahem.
How do you know what's too advanced for me?


Re: Gromozon spreads and attack a virus researcher


| <snip>
| It is far too advanced for you
| <snip>
|
| Ahem.
| How do you know what's too advanced for me?

Based upon what YOU post.

Like I said, this is a multi-blended threat.  It has a few components.
The components downloaded will vary based upon the OS and the Browser
and if you have been to the web site before.  It will "tailor" the
infection based upon the characteristics of the client accessing the
web site.  Once it determines the client's characteristics it will go
through a routine of exploits based upon those characteristics to
install the malware components.  It will also examine the system and
based upon certain other criteria (that I won't go into) it will
additionally tailor the infection.

This is a complicated and very serious threat.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Gromozon spreads and attack a virus researcher

I KNOW that it's a serious threat. I did my research, and I'm not
retarded - any more questions?

Actually, that last question was a joke. I don't care what you think.
Since you won't help me at all, I'm just going to have to go to exploit
sites until I find one that has the Gor-whateveritis infection. Sigh.

Adiós Estúpido.

(w000! Spanish!)


Re: Gromozon spreads and attack a virus researcher


| From: http://sunbeltblog.blogspot.com/2006/11/gromozon-blowback.html
| --------------------
| Gromozon is a vicious piece of malware which installs on a user's PC
| and does almost every craft trick available to avoid detection and
| removal, including creating its own user account, using rootkit
| technology, renaming its files, and a whole host of other nasty things.
|  And it's certainly popping up on the radar out there in the security
| community.
|
| But now these Gromozon jerks have gone a step further - making the
| program itself seem like it's authored by someone else - a
| legitimate security researcher.
|
| Of all things, the authors of this malware have inserted code in
| Gromozon which implicates Marco Giuliani of authoring it!  Marco is a
| perfectly upstanding security researcher who, in fact, created a
| Gromozon removal tool for PrevX.
| --------------------
|
| http://www.pcalsicuro.com/main/2006/11/gromozon-ora-va-sul-personale/

Here is an update...

http://www.pcalsicuro.com/main/2006/11/rimanendo-in-team-di-gromozon/

Marco's comment "they definitely love me"  :-)


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


