- AIM virus / worm

• Previous message: Joakim Berge: "Re: Who is looking for port 2036?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Oct 2005 14:26:15 -0700
To: "Michael Gargiullo" <mgargiullo@pvtpt.com>, <incidents@securityfocus.com>

The second link is dead the first is a nasty piece of code that does at
a minimum:

Installs a BHO...
Installs Spyware.
Connects to:

http:// home.comcast.net/~svyskocil/image0088.com
http:// home.earthlink.net/~two4tea/installs.exe
http:// home.earthlink.net/~two4tea/mc-110-12-0000080.exe
http:/
/www.ysbweb.com/ist/scripts/exe_version.php?aid=1003517&cfg=ysb_m3&vkey=
211111
http:/ /media.matcash.com/wrapper/launcher.exe
http:// www.maxifiles.com/ai/director_install.exe
http:/ /media.matcash.com/wrapper/get.php?id=110&aid=mc-110-12-0000080
http:/ /media.matcash.com/toolbar/freeprodtb.exe
http:/ /media.matcash.com/toolbar/freeprodtb.exe
http:// media.freeprod.com/toolbar/register.php

In general adds a bunch of Spyware / Adware stuff to your machine and
downloads a bunch of others....

-----Original Message-----
From: Michael Gargiullo [mailto:mgargiullo@pvtpt.com]
Sent: Thursday, October 27, 2005 1:26 PM
To: incidents@securityfocus.com
Subject: [BULK] - AIM virus / worm

Has any one seen this before... Google showed no results...

Instant message from a friend on your buddy list with a link like so...

see this!! http://home.comcast.net/~svyskocil/image0088.com

and

HILARIOUS!! http://home.earthlink.net/~ylee92504/pic0041.com

Symantec corp with defs from yesterday don't detect anything in the com
file, but it does propagate when executed.

• Previous message: Joakim Berge: "Re: Who is looking for port 2036?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]