Security Incidents mailing list archives

Stukach Trojaned SysReg.exe


From: Information Security <InformationSecurity () federatedinv com>
Date: Fri, 23 May 2003 16:48:06 -0400

Picked up a Norton alert for an infected SysReg.exe file.  I think the new
definitions identified a file that was laid down a few days before.  The
trojan is a version of stukach
(http://www.glocksoft.com/trojan_list/Stukach.htm,
http://www.ntsecurity.net/Panda/Index.cfm?FuseAction=Virus&VirusID=27),
49,152 bytes.  I haven't yet been able to identify the payload.  Interesting
strings from the file:

HKEY_CURRENT_USER\Software\IExplore\AID
HKEY_CURRENT_USER\Software\IExplore\ID
HKEY_CURRENT_USER\Software\IExplore\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysReg
http://tp.searchseekfind.com/cgi-bin/TPS/Checkin.pl?ID=%s&Affid=%s&ConnectionType=%d&Version=%d
open
HKEY_CURRENT_USER\Software\IExplore\%s

There are some coincidental time stamps and info on the infected machines that
make me believe this may be in some way linked to weatherbug--possibly
through one of their popups.

Any correlation would be helpful.  Still looking for more info.

Thanks!
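The strings quoted in the post already tell a defender most of what matters: a Run-key value named SysReg (persistence), a private HKCU\Software\IExplore key tree (configuration storage), and a check-in URL template whose %s/%d placeholders are filled in at run time (beaconing with an affiliate ID). The following script, added here as an illustration and not code from the poster, performs that triage mechanically: it pulls printable runs out of a byte buffer the way `strings` does, classifies each run against those three indicator shapes, and lists the query-parameter names a check-in would leak. The sample buffer is constructed for the example and is not the real SysReg.exe; the class labels are my own naming.

```python
import re
from typing import Dict, List, Optional

# Indicator strings as quoted in the post (Norton-flagged SysReg.exe, Stukach variant).
RUN_KEY_PREFIX = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
RUN_KEY = RUN_KEY_PREFIX + "SysReg"
IEXPLORE_PREFIX = "HKEY_CURRENT_USER\\Software\\IExplore\\"
CHECKIN_URL = ("http://tp.searchseekfind.com/cgi-bin/TPS/Checkin.pl"
               "?ID=%s&Affid=%s&ConnectionType=%d&Version=%d")


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return printable-ASCII runs of at least min_len bytes (what `strings` prints)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def classify(s: str) -> Optional[str]:
    """Map one extracted string to an indicator class (labels chosen for this example)."""
    if s.startswith(RUN_KEY_PREFIX):
        return "persistence:run-key"          # autostart entry under HKCU ...\Run
    if s.startswith(IEXPLORE_PREFIX):
        return "config:hkcu-iexplore"         # private key tree used for IDs/state
    if s.lower().startswith("http://") and ("%s" in s or "%d" in s):
        return "beacon:format-url"            # printf-style URL filled in at run time
    return None


def triage(data: bytes) -> Dict[str, List[str]]:
    """Group the indicator-class strings found in a buffer by class."""
    found: Dict[str, List[str]] = {}
    for s in extract_strings(data):
        cls = classify(s)
        if cls is not None:
            found.setdefault(cls, []).append(s)
    return found


def beacon_fields(url: str) -> List[str]:
    """Query-parameter names in a check-in URL template, i.e. what the host reports."""
    query = url.split("?", 1)[1] if "?" in url else ""
    return [kv.split("=", 1)[0] for kv in query.split("&") if kv]


# Constructed sample buffer: the quoted strings separated by non-printable bytes,
# standing in for a binary. Not the real file.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
          + RUN_KEY.encode() + b"\x00\x00"
          + (IEXPLORE_PREFIX + "AID").encode() + b"\x00"
          + CHECKIN_URL.encode() + b"\x00open\x00\xff")

if __name__ == "__main__":
    for cls, items in triage(SAMPLE).items():
        print(cls, items)
    print("check-in reports:", beacon_fields(CHECKIN_URL))
```

To run it over a real sample, pass `open(path, "rb").read()` to `triage()` instead of `SAMPLE`; the three classes map directly onto what to check on a suspect host (the Run value, the IExplore key tree) and what to look for in proxy logs (requests to the Checkin.pl path).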


