Malware … Came across this on 17JAN10. No references on internet. Anyone else seen it?.
If you have the sample upload it to virustotal www.virustotal.com and when you have the result, copy the URL in the addressbar and post it here
I think its related to rogue AV’s. The 1st four lettrs are random followed by sysguard.exe
I had already removed it before posting. However, the following message was created by Avast prior to the Malware executing.
1/17/2010 9:19:57 PM SYSTEM 1564 Sign of “JS:Pdfka-TW [Expl]” has been found in “http:\google.com.analytics.qfjkidlqcun.com/nte/TREST11.py/oHacaf44ebV03007f35002R24f7811e102Te7fc97a1Q00000000901801F001c0009J10000601l0409K9ba4a29a317” file.
you should make the link unclickable, as this one is hot…
It is a java script bug, i think it is the one who likes pdf