Updated: February 13, 2007 11:47:01 AM
Type: Spyware
Risk Impact: High
Systems Affected: Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.Sesui is installed, it performs the following actions:
- Gathers email addresses and user names from the compromised computer, and attempts to send this information to a predetermined email address on the se-sui.com domain.
- Adds the value:
  "Start Page" = "[http://]se-sui.com/[REMOVED].php?m=[EMAIL ADDRESS]0&n=[USER NAME]-l"
  to the registry subkey:
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  to redirect the Internet Explorer home page to a Web site on the se-sui.com domain.
  Note: This results in an attempt to register for a pornographic service.
- Attempts to open a WMV file from [http://]se-sui.com/[REMOVED]/movie/
- Creates the file [JAPANESE CHARACTERS].txt on the Windows desktop, which asks the user to pay a fee for the pornographic service registered above.
Note: The variable [JAPANESE CHARACTERS] may be displayed as a string of random characters on compromised computers that do not have a Japanese language operating system installed.
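
The following check for the home page change described above is an added example, not part of the original write-up. It parses the text output of `reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page"` and flags a value whose host is se-sui.com or one of its subdomains; the function names, sample outputs, and placeholder URL path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

INDICATOR_DOMAIN = "se-sui.com"  # domain named in the write-up above

# "Start Page" data line as printed by `reg query` (name, type, data).
START_PAGE_RE = re.compile(
    r"^\s+Start Page\s+REG_(?:SZ|EXPAND_SZ)\s+(?P<data>\S.*?)\s*$", re.MULTILINE)

def start_page_from_reg_query(text):
    """Return the Start Page data from `reg query` output, or None if absent."""
    m = START_PAGE_RE.search(text)
    return m.group("data") if m else None

def host_of(url):
    """Extract the lowercase host; tolerate values stored without a scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def points_to_indicator(url, domain=INDICATOR_DOMAIN):
    """True only for the domain itself or a subdomain (label-boundary match)."""
    host = host_of(url)
    return host is not None and (host == domain or host.endswith("." + domain))

def is_hijacked(reg_query_text):
    url = start_page_from_reg_query(reg_query_text)
    return url is not None and points_to_indicator(url)

# Constructed sample outputs; the URL path and parameters are placeholders.
KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
def sample(url):
    return f"\r\n{KEY}\r\n    Start Page    REG_SZ    {url}\r\n\r\n"

SAMPLES = {
    "hijacked": sample("http://se-sui.com/PLACEHOLDER.php?m=user@example.test0&n=user-l"),
    "subdomain": sample("www.SE-SUI.com/"),
    "lookalike_suffix": sample("http://se-sui.com.example.net/"),
    "lookalike_prefix": sample("http://notse-sui.com/"),
    "clean": sample("about:blank"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {'FLAG' if is_hijacked(text) else 'ok'}")
```

A plain substring search for the domain would also flag the two lookalike samples; comparing the parsed host on a label boundary avoids that.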