New MSN worm

Check out this article.

A friend send me this .zip archive containing the imageXX.JPG-www.photobucket.com file and I uploaded it to VirusTotal and was undetected by almost every AV!

So watch out! Don't be a n00b!

 

It's not new... I came across it 3 months ago... slightly different name, but the same file name structure and spread via MSN messenger.
back then there was no detection, glad now most detect it.

 

Hmm I guess it has a lot of variants. MSN has become a malware spreading tool!
There does not exist a single day where someone will NOT send me an infected link or zip file. And I don't have many contacts.

 

Luckily things are not so bad over here... when I came across with this, it had been over two years that I didn't get anything bad via messenger.

 

imageXX.JPG-www.photobucket.com = unauthorized executable and will be killed immediately by AE.

 

CFF D Plus flags it by heuristics.

Unfortunately it will not do anything on my system. It crashes after a while.

 

Omg this worm is pathetic It can't even properly run?

As far as I know it creates a startup registry entry and throws some infected files in system32 and Temp folders under Windows folder.

 

Were u able to run this specific variant?

 

No, to tell you the truth, I tried it now and got the same error. What could this mean? Badly written variant? Unrunable?

 

I don,t know really. May be a corrupted sample.