Via prevx.com -
In the last day or so we have had a massive influx of users coming to us because they are infected with a file called Chenzi.exe. After analyzing a sample in the lab here, all I can say is, this is pretty insane!
We started off with a clean machine with 56 running processes, after 10 minutes of running, we had ... 318 running processes. I tried to make a video of it, but the machine just couldn’t handle it. This file is a downloader for many things at once, one being a password stealer for various online games. We've added detections for the entire cluster of files downloaded from all the downloader’s we could get, so it would be worth a go trying to clean this up with Prevx CSI. I’d love to hear some feedback from anyone that’s had this infection. Some signs of this infection is constant popups asking you to install Chinese language packs, various Chinese websites popups, and your entire right click menu changing from English to Chinese.
The main goal of this Trojan however is based around stealing WoW accounts, let us know if you have any more info, or have been affected by this threat as it seems rather prevalent at the moment.
In the meantime I'll try and get some video footage up of this infection.
No comments:
Post a Comment