NEW: Attack zombie using Yahoo! Chat voice

Discussion in 'malware problems & news' started by TECHWG, Oct 4, 2006.

Thread Status:
Not open for further replies.
  1. TECHWG

    TECHWG Guest

    I have in my possession a file that was given to me to run on my PC that was a CPU temperature checker "supposedly". When I checked it out it appeared to be a zombie bot program using the Yahoo Chat voice protocol to relay commands and NOT IRC . . I guess this would be harder to trace or better and more reliable perhaps? After all the FBI are monitoring IRC now, so logical step is to move to other methods I guess . . What is the best method I can use against this? Who can I give it to to make it detected by lots of software and/or profile the traffic it uses to connect with Yahoo and heuristically detect a presence that's not authentic Yahoo traffic?
    It has been used on me and it's quite bad when it attacks . . smacked me mostly offline after several hours of hellish lag . . but the guy fessed up what the file was and was bragging about what I can do and how it works . .
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    To see if it's actually new or not and to possibly see if they can determine the validity....I would suggest letting Sunbelt\Counterspy run it in their sandbox.

    Submit Malware Sample to Sunbelt Sandbox
     
  3. TECHWG

    TECHWG Guest

    Thanks. The first time I uploaded it, I got "something went wrong", then the second time it said "ERROR: This malware has already been added to the database, Sunbelt Sandbox ID: 1851" . . . so we will see what we see

    Thanks

     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yeah....that's a notification problem they are looking into as noted in this ongoing thread on another forum :doubt:
     
  5. TECHWG

    TECHWG Guest

    Umm . . anyways I will let you know what happens
     
  6. bpm3k

    bpm3k Registered Member

    Joined:
    Feb 28, 2005
    Posts:
    30
    I just wanted to say good job on keeping us updated.
     