Trojan Horses Definitions(l) - LZIO

LZIO

Category: Trojan Downloader

Risk: High Risk

* High-risk threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

Description: LZIO is affiliated with freedownload.screensavers4free.net. It connects to 'newupdates.lzio.com' and 'updates.lzio.com' to download updates. When run on the victim machine, it sends outgoing HTTP GET requests to remote servers (the domains listed above). The request includes an identification string that is also written to the Registry on the victim machine:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
    "NID" = (some ID string)

The downloader copies itself into the Windows system directory with a random filename, for example:

    C:\WINNT\SYSTEM32\VHUVFOE.EXE

A Registry key is added to run this copy of the trojan at system startup, for example:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "nssysconf" = C:\WINNT\SYSTEM32\VHUVFOE.EXE

From the privacy policy:

"We distribute LZIO Media only to users who have been given the opportunity to review and accept our End User License Agreement (EULA) and this Privacy Policy before downloading any free software or content and thus before the LZIO Media is installed. If you believe you have received LZIO Media without having accepted the EULA, please let us know at customer-support@support.great-pc-software.com. By downloading, installing, or using the free software or content containing LZIO Media, you agree to receive advertisements from LZIO.COM's business partners and associates. The ads may be displayed as "pop-up" and/or "pop-under" ads, or in other formats. LZIO Media may also add enhancements to your computer, such as the redirection of 404 pages, modification of your default Internet Explorer search page, and alternate links on certain html text links. By accepting the terms of the EULA, you agree that we have the right to run such advertisements and promotions without compensation to you.

Your business dealings with, or participation in promotions of, advertisers found on or through LZIO Media, including payment and delivery of related goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and the advertiser. You agree that LZIO.COM will not be responsible for any loss or damage of any sort incurred as the result of any such dealings or as the result of the presence of such advertisers with the LZIO Media network.

LZIO.COM does not require users to provide personal information. Personal information (your name, email address, mailing address, general profile information, preferences, and similar information) may sometimes be collected, on a voluntary basis, for special promotions, contests, and surveys. That information will only be collected with your consent. We may share, rent or sell personally identifying information you provide us to third parties.

In addition, we may collect the following information from your computer:

- Click-stream data
- HTTP protocol elements
- Web sites/pages viewed
- The amount of time spent at some Web sites
- Response to the Advertisements displayed
- Standard web log information including IP address and system settings
- What software is on your personal computer
- Information about the hardware of your personal computer
- Search terms used
- System data
- Your usage characteristics and preferences
- Your first name, last name, and zip/postal code
- Other data at LZIO.COM's sole discretion

The information we collect may be used for any or all of the following purposes: Completion and support of the cu

Alias: Free Community, Downloader-LE

Signatures:
process: hpdllhost.exe: MD5 Hash: 771cbf0d2689f150734
process: hpdllhost.exe: MD5 Hash: ..

Updated: 02/17/2006
Copyright @2006 THR Computer Solutions: LZIO