F-Secure Virus Descriptions : AdwareDropper
| NAME: | AdwareDropper |
| ALIAS: | AdwareDroper-A, Adware Dropper, Valentines Day E-Card, W32/Adware.Valentine |
On 12th of Februaru 2003 we received a report from a customer
that he had got a suspicious message. The message looked like
that:
YOU HAVE RECEIVED A VALENTINES DAY E-CARD!
Greetings,
Someone has sent you a Valentines Day E-Card ::: a virtual postcard from
Valentines-ecard.com.
To view your card please click the link below :
<link to www.valentines-ecard.com site>
----------------------------------------------------------------------------------
This card was provided by Valentines-ecard.com. Copyright 2003 All Rights Reserved
The link pointed to the page that provided the CARD.EXE file for
download. The file contained an animated Valentines Day greeting
card that looked like that:
The animated greeting card was installed on a hard drive and the
uninstallation program for it was provided. But at the same time,
the CARD.EXE file hiddenly dropped 3 adware/spyware files in
Windows System folder:
HMEPGE.DLL
HOTLINK.DLL
IEBRW.DLL
These files are not malicious, they are adware/spyware components
that help its makers to collect information about computer user's
habits and provide him with appropriate advertisment. No personal
information about a user is collected.
As these adware components were hiddenly dropped to computers
without a user seeing and accepting a licence agreement, we
consider the CARD.EXE file to be malicious. We added detection
for this file into our anti-virus databases.
If you got the message mentioned above, please do not follow the
link, do not download and run the CARD.EXE file.
[F-Secure Anti-Virus Research Team; February 13th, 2003]
|
![](/images/pixel.gif"){kind=tracking}
