Old Fox KM Journal

Wednesday, September 15, 2004

WurldMedia



Overview
Summary: An IE browser helper object that detects visits to known sites and redirects them through a third-party server in order to take the affiliate fees. WurldMedia even steals the fees from other webmasters when you use their own links.
Alias: BuyersPort, Morpheus, Morpheus Shopping Club, WURLD Shopping Community
Category: Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Variants: WurldMedia.bpboh
WurldMedia.mbho
WurldMedia.MDef
WurldMedia.Mo
WurldMedia.Moaa
WurldMedia.Moz
WurldMedia.MPohs
WurldMedia.MSCStat
WurldMedia.MShop
WurldMedia.TChk
WurldMedia/Mo, WurldMedia/Moaa, WurldMedia/Moz. The BHO is renamed mo030414s.dll, moaa030425s.dll or moz030715s.dll and has a random class ID; the mscstat process is renamed mostat.exe and there is a configuration program called moconfig.exe.
WurldMedia/Mostat. In this newest variant, MoStat.exe will run in your systray.
WurldMedia/MShop, WurldMedia/MPohs and WurldMedia/MDef have new IDs and filenames: m030106shop.dll, m030206pohs.dll and mdefshop.dll, respectively.
WurldMedia/TChk is bundled with the Mo, Moaa and Moz variants. It checks for the existence of the WurldMedia BHO and, if it finds it missing, contacts its controlling server xnef.com. At the time of writing this server is not responding, but it is suspected that if it were working it would direct TChk to reinstall the software. WurldMedia/TChk tries to escape detection by using a completely random filename and ID.
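An added example, not part of the original entry: because the BHO class IDs are random, a check has to resolve each registered BHO to its DLL and match on the filename instead. The date-stamp regex (which assumes other builds keep the naming of the files listed above) and the sample entries are constructed assumptions; TChk, with its random filename, will only ever show up as "unknown".

```python
import re
from ntpath import basename  # Windows path rules on any OS

BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# Filenames from the entry. The regex generalises the date-stamped names
# (mo030414s.dll, m030106shop.dll, ...) to other builds: an assumption.
EXACT = {"mdefshop.dll"}
STAMPED = re.compile(r"^(?:(?:mo|moaa|moz)\d{6}s|m\d{6}(?:shop|pohs))\.dll$")

def classify(dll_path):
    """Return 'wurldmedia' for a matching DLL name, else 'unknown'."""
    name = basename(dll_path.strip().strip('"')).lower()
    return "wurldmedia" if name in EXACT or STAMPED.match(name) else "unknown"

def installed_bhos():
    """Yield (clsid, dll_path) for each registered BHO (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BHO_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            clsid = winreg.EnumKey(key, i)
            try:  # class IDs are random, so resolve each one to its DLL
                path = winreg.QueryValue(
                    winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid + "\\InprocServer32")
            except OSError:
                path = ""
            yield clsid, path

def scan(entries):
    """Return (clsid, dll_path, verdict) for every BHO entry."""
    return [(clsid, path, classify(path)) for clsid, path in entries]

# Constructed sample entries (CLSIDs and paths are made up for illustration).
SAMPLE = [
    ("{11111111-1111-1111-1111-111111111111}", r"C:\WINDOWS\System32\mo030414s.dll"),
    ("{22222222-2222-2222-2222-222222222222}", r'"C:\WINDOWS\System32\M030106SHOP.DLL"'),
    ("{33333333-3333-3333-3333-333333333333}", r"C:\WINDOWS\System32\moz031201s.dll"),
    ("{44444444-4444-4444-4444-444444444444}", r"C:\Program Files\Example\toolbar.dll"),
]

if __name__ == "__main__":
    import sys
    entries = installed_bhos() if sys.platform == "win32" else SAMPLE
    for clsid, path, verdict in scan(entries):
        print(f"{verdict:10} {clsid} {path}")
```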

Similar Pests: Hijacker

Origins
Group: www.wurldmedia.com
Vendor: WURLD Media, Inc.
WurldMedia partners with StreamCast Networks, Inc., developers of Morpheus. A download of Morpheus will result in the installation of components associated with AtomWire and other browser helper objects. Components within a Morpheus installation will carry a variety of developer names within the code, including ESD Technologies, Inc., John Marshall, My Way, Summit Software Company, Wurld Media Inc., and XMLAuthor Inc.

By This Group: WurldMedia.bpboh
Mailing Address: WURLD Media, Inc., 63 Putnam Street, Suite #103, Saratoga Springs, NY 12866
Phone: 518-691-1100 Fax: 518-691-1180
Date of Origin: Variants from February, 2003 to January, 2004
