Security Incidents mailing list archives
- AIM virus / worm
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Thu, 27 Oct 2005 14:26:15 -0700
The second link is dead the first is a nasty piece of code that does at a minimum: Installs a BHO... Installs Spyware. Connects to: http:// home.comcast.net/~svyskocil/image0088.com http:// home.earthlink.net/~two4tea/installs.exe http:// home.earthlink.net/~two4tea/mc-110-12-0000080.exe http:/ /www.ysbweb.com/ist/scripts/exe_version.php?aid=1003517&cfg=ysb_m3&vkey= 211111 http:/ /media.matcash.com/wrapper/launcher.exe http:// www.maxifiles.com/ai/director_install.exe http:/ /media.matcash.com/wrapper/get.php?id=110&aid=mc-110-12-0000080 http:/ /media.matcash.com/toolbar/freeprodtb.exe http:/ /media.matcash.com/toolbar/freeprodtb.exe http:// media.freeprod.com/toolbar/register.php In general adds a bunch of Spyware / Adware stuff to your machine and downloads a bunch of others.... -----Original Message----- From: Michael Gargiullo [mailto:mgargiullo () pvtpt com] Sent: Thursday, October 27, 2005 1:26 PM To: incidents () securityfocus com Subject: [BULK] - AIM virus / worm Has any one seen this before... Google showed no results... Instant message from a friend on your buddy list with a link like so... see this!! http://home.comcast.net/~svyskocil/image0088.com and HILARIOUS!! http://home.earthlink.net/~ylee92504/pic0041.com Symantec corp with defs from yesterday don't detect anything in the com file, but it does propagate when executed.
Current thread:
- - AIM virus / worm Hubbard, Dan (Oct 27)