Driveby downloads delivered from ".sys" directories
Last Updated: 2010-03-24 02:42:35 UTC - "... observed malware being delivered from the ".sys" directory of various web sites. The URL follows the scheme:
http ://evilexample .com/.sys/?action=... link being delivered via Facebook which of course makes the message more plausible and it is likely that users install the software thinking it came from a "Friend"... In response to clicking on the link, the user is asked to install the software... a specific block for ".sys".. web filter caught about 60% of these exploits. Once a user follows the link, additional exe files are downloaded from ".sys" directories. The file names... observed are p.exe, go.exe and v2captcha21.exe."
Comments: ... Mar 24 2010, 15:24
"... a bit more digging did show the Koobface connection..."