Updated: February 13, 2007 11:36:56 AM
Type: Dialer
Risk Impact: High
File Names: fun.lnk, mpresource.dll, mpv0.cab, mediaconnect.ocx, dialer.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows NT, Windows Server 2003, Windows XP
Dialer.EuroInfoMedia performs the following actions:
- Creates the file Fun.lnk, which contains a URL link.
- Creates the file conf0.php, which contains configuration information.
- Creates the registry key:
  HKEY_LOCAL_MACHINE\Software\EIM
- Dials the default RAS connection using the computer's modem.
- Downloads the file mpResource.dll and saves it to the %Windir%\System32 folder. This file does not contain malicious code.
- Executes Internet Explorer to load the URL in Fun.lnk. The URL varies and typically presents a Web page describing an adult service.
- If you accept the service, Internet Explorer will download another file from plugin.euro-infomedia.com, which will invoke the modem to dial a high-cost phone number.
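
A triage sweep for the artifacts listed above, as an added example that is not part of the original write-up. The function names and the decision to check both the 64-bit and 32-bit registry views are assumptions made here; the file names and the registry key are the ones given on this page.

```python
import os
import sys

# File names listed on this page, lowercased: Windows file names are
# case-insensitive and the page itself spells them with mixed case.
SUSPECT_NAMES = {"fun.lnk", "conf0.php", "mpresource.dll", "mpv0.cab",
                 "mediaconnect.ocx", "dialer.exe"}
REG_SUBKEY = r"Software\EIM"  # under HKEY_LOCAL_MACHINE, from this page


def find_named_files(root):
    """Return sorted paths under root whose file name is on the list.

    A name match is a lead, not confirmation: Windows ships its own
    dialer.exe (Phone Dialer), so review each hit before acting on it.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() in SUSPECT_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def eim_key_present():
    """True/False on Windows; None where there is no registry to query."""
    if sys.platform != "win32":
        return None
    import winreg
    # 32-bit software on 64-bit Windows is redirected to the 32-bit view,
    # so query both views explicitly.
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_SUBKEY,
                                 0, winreg.KEY_READ | view)
        except FileNotFoundError:
            continue
        winreg.CloseKey(key)
        return True
    return False


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("WINDIR", ".")
    for path in find_named_files(root):
        print("name match:", path)
    print(r"HKLM\Software\EIM present:", eim_key_present())
```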