There have been quite a few of these Winldra variants turning up in our investigations (this is the keylogger behind the identity theft ring we stumbled onto a while back).

One thing: 

Not one of the machines we found infected was running Windows XP Service Pack 2.  ALL of the infestations are occurring on older, unpatched Windows XP systems.

This thing can be installed through any of several different exploits: *.CHM files, Java.Encoded links, MIME Base64-encoded links, Unicode-encoded links, JavaScript-encoded scripts (%3F, \U00##, etc.).  Most, if not all, of these exploits were fixed even prior to SP2.
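Each of those encodings hides the same link from a naive string match, so a URL filter or log scanner has to canonicalize before it compares anything. The following is an added example, not code from the original post: it peels off percent-encoding, \uXXXX escapes and Base64 in turn until the string stops changing, then checks whether the plain form points at a .chm file. The sample strings and the example.invalid host are constructed for the demonstration.

```python
import base64
import re
import urllib.parse

# Constructed sample inputs (not from the original post): one link disguised
# behind the encodings the post lists. "example.invalid" is a reserved name.
SAMPLES = {
    "plain":   "http://example.invalid/load.chm",
    "percent": "http%3A%2F%2Fexample.invalid%2Fload%2Echm",
    "unicode": "\\u0068\\u0074\\u0074\\u0070://example.invalid/load.chm",
    "base64":  base64.b64encode(b"http://example.invalid/load.chm").decode(),
}

# \u0068 / \U0068 style escapes, four hex digits each
_UNICODE_ESC = re.compile(r"\\[uU]([0-9a-fA-F]{4})")
# A whole token that looks like standard Base64 (alphabet + optional padding)
_B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def decode_unicode_escapes(s: str) -> str:
    """Turn \\uXXXX escapes back into the characters they stand for."""
    return _UNICODE_ESC.sub(lambda m: chr(int(m.group(1), 16)), s)


def decode_base64_token(s: str) -> str:
    """Decode s only if the whole string is Base64 and yields printable text;
    otherwise return it unchanged so ordinary URLs are not mangled."""
    token = s.strip()
    if not _B64_TOKEN.match(token):
        return s
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return s
    return text if text.isprintable() else s


def normalize(s: str, max_rounds: int = 5) -> str:
    """Apply the decoders repeatedly (links are sometimes double-encoded)
    until a round produces nothing new, bounded by max_rounds."""
    seen = {s}
    for _ in range(max_rounds):
        step = urllib.parse.unquote(s)        # %3A -> ':', %3F -> '?', ...
        step = decode_unicode_escapes(step)   # \u0068 -> 'h'
        step = decode_base64_token(step)      # aHR0cA== -> 'http'
        if step in seen:
            return step
        seen.add(step)
        s = step
    return s


SUSPICIOUS_EXTENSIONS = (".chm",)


def flags_chm_link(s: str) -> bool:
    """True when the canonical form of s points at a .chm file."""
    path = urllib.parse.urlsplit(normalize(s)).path
    return path.lower().endswith(SUSPICIOUS_EXTENSIONS)


if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:8} -> {normalize(value)}  chm={flags_chm_link(value)}")
```

The Base64 step is deliberately conservative: it only fires when the entire token is valid Base64 that decodes to printable ASCII, which keeps ordinary query strings from being corrupted. In a real filter you would run the same canonicalization over every URL before applying any block list or signature, since matching against the raw encoded form is exactly what these tricks are designed to defeat.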

During one test, I went to a site that installed the keylogger.  Windows XP SP2, no problem.  Didn’t even touch the machine. Unpatched — zing! Instantly infected.

To those that insist on not upgrading to SP2, you are nuts.  Sorry, it’s the plain truth.  You’re playing with fire.

Alex
(Thanks Patrick)
