I’m not kidding, the title is right.
Among all the windows settings there’s one made for left handed people. The option I’m referring to is located under the Mouse control panel, labelled “Switch primary and secondary buttons”. It lets you exchange the functions performed by the right and left mouse button. Don’t know if this setting is usefull or not, most of the left handed friends I have are still using the mouse like a right handed. Maybe they don’t even know the existence of such an option. Anyway, look at this code:
It’s a simple query on a registry key named SwapMouseButtons.
result_value is sent back to the caller, and the caller checks the value. If the value is equal to 0×30 (right handed) the malware goes on running the rest of the code, but if the value is 0×31 (left handed) the malware ends immediately. All the nasty things performed by the malware are executed after this check, it means that a left handed won’t get infected!
I’ve seen some malwares using SwapMouseButton function in the past, but never something like that. I bet the author is left handed and he wrote the check just to be sure to avoid a possible infection… I can’t think of anything else. Quite funny!!!
View full post on My infected computer
Related Posts
- Painful Facebook Malware? Only When I Laugh.
Juraj Malcho, Head of Lab at Bratislava, reports:
We've just encountered what appears to be a new Facebook scam in the wild. As of this moment we haven't seen any malicious content being serve... - Osama bin Laden dead – so watch for the spams and scams
Google's top-trending Anglophone search term right now is, understandably, "osama bin laden dead". Google officially describes its hotness (you couldn't make this stuff up) as volcanic.The short versi... - Remove Antivirus Center (Uninstall Guide)
Antivirus Center is a rogue anti-spyware program from the same family as Internet Protection. This malware is installed onto your computer through the use of fake scanner pages and Trojans that preten... - Compromised ads leading to TDSS rootkit infections
As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and s... - Data thefts far more common than just Sony and Epsilon
In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover ... - Be Careful If Searching For Images of Kate Middleton’s Dress
Real-world events occasionally generate a massive number of online searches. Japan's recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the worl... - IME Injection Evolution
Recently,we found many malwares using a smarter way to inject the specified dll into system related to IME management. Comparing to the old IME injection tricks, it is much more difficult to be discov... - FBI takes on Coreflood botnet – but is this a step too far?
Two weeks ago, the Federal Bureau of Investigation (FBI) obtained a court order in Connecticut, USA. This court order allowed the FBI to undertake an anti-cybercrime operation of a sort which had neve... - Free anti-virus for Mac named Best Anti-Malware solution at SC Awards
Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.Well, that's exactly what happened at... - A case of malware starring Mario. or should it be Wario?
I always find it interesting to know what goes on in cyber criminals' minds.Lately I've been observing a deluge of websites being hacked and serving drive-by downloads in the form ...
Posted on 06 February 2011. Tags: able, handed, infect, Malware, only, people, right
Solution from Orbasoft.
If you own a computer, you must have antispyware to keep it running at its best. The problem is choosing a scan that works. I have tried many different types of scans in the past and then I ran across Orbasoft Antispyware. I have to say that the antispyware solution from Orbasoft is the best that I have used to date. It gets the job done and keeps my computer working like new. If you are interested in seeing for yourself just how good this antispyware works you can click on http://www.orbasoft.com to learn more. I’m sure it would be worth your time to check it out.
Yes *asaperlo*, you are right about RC4 implementation. The code is bugged if and only if the author wanted to implement RC4 algorithm otherwise we’ll have to study a new crypto algo :p
Joking apart, it seems to be RC4, atleast looking at the initialization part of the crypto algo; I think it’s a oversight but it’s pretty strange. There are some more funny things inside the malware (strange code implementation, virtual machine check), more in the next days… stay tuned.
yes i found the same code
I also found a strange/bugged implementation
of RC4 used to encrypt/decrypt the strings:
In the loop for generating the stream the author seem to have done something like this:
for(int i=0; i < len; i++) {
i = i % 256;
..
instead of
i = (i + 1) % 256;
dont know yet if its a feature or a bug
what do you think ?
I’m left handed and im using my right hand for mouse navi, to be honest I’ve never seen anyone using his mouse with the left hand…
Yes, I’m pretty sure but I should check.
May I ask you why? Did you find the same code?
did you find that piece of code in one
of the latest worms that spreads via MSN ?