Gone are the days when malware creators mainly looked for fame and notoriety without causing much damage to users’ computers. Nowadays it seems that financial gain at all costs is the only thing that really matters, with malware staying as unnoticed as possible to avoid the attention of users and antivirus companies.

I started to miss those samples of malware so visual that they could be easily recognized, and just this week we came across one that followed the old style.

It is a worm with a payload that is more annoying than harmful, and its aim is to advertise the blog of its creator. It carries out several modifications, for example:

  • the Desktop wallpaper, changing it to an image where you can see the name of its creator’s weblog:

[Image: W32StartPageDIHworm_img3]

  • the Internet Explorer start page, changing it to the weblog of its creator:

[Image: W32StartPageDIHworm_img5]

You can get more information about this worm here:

http://pandasecurity.lin3sdev.com/homeusers/security-info/220875/StartPage.DIH

What is curious is that on the main site of this blog you can find a link to a post published by this user in which he/she explains how this malware appeared. The post is called “Disinfection method of the advertising program or virus”. In it he/she explains how he/she ordered the creation of an advertising program through the Internet to use it in his/her near environment.

Unfortunately, this program started spreading and causing infections. He/she therefore apologizes to users who may have been infected and offers them several links from which they can download what the weblogger calls an “antiadware” program.

Is he/she really sorry for that?

Special thanks to Reza Shobeiri, Ismael Zahibi and Yesenia García for the information.