Within the next 12 hours, more than 400,000 instances were recorded.
This process is related to MediaGet, a BitTorrent client that we classify as a potentially unwanted application (PUA).
MediaGet is often used by people looking to download programs or media from websites with a dubious reputation.
A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe.
In this case, Microsoft believes the third-party company that signed update.exe is likely to be a victim itself.
The dropped update.exe is a packaged InnoSetup SFX that has an embedded trojanized mediaget.exe, update.exe.
When run, it drops a trojanized, unsigned version of mediaget.exe.
The Dofoil variant used in the attack showed advanced cross-process injection techniques, persistence mechanisms, and evasion methods.
Source: THN, ZDNet
Source: www.techworm.net