New MSN worm

Discussion in 'malware problems & news' started by PiCo, May 12, 2008.

Thread Status:
Not open for further replies.
  1. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Check out this article.

    A friend sent me this .zip archive containing the imageXX.JPG-www.photobucket.com file and I uploaded it to VirusTotal and it was undetected by almost every AV!

    So watch out! Don't be a n00b!
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    It's not new... I came across it 3 months ago... slightly different name, but the same file name structure and spread via MSN Messenger.
    Back then there was no detection; glad now most detect it.
     
  3. PiCo

    PiCo Registered Member

    Hmm, I guess it has a lot of variants. MSN has become a malware-spreading tool!
    There does not exist a single day where someone will NOT send me an infected link or zip file. And I don't have many contacts.
     
  4. HURST

    HURST Registered Member

    Luckily things are not so bad over here... when I came across this, it had been over two years that I didn't get anything bad via Messenger.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    imageXX.JPG-www.photobucket.com = unauthorized executable and will be killed immediately by AE.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    CFF D Plus flags it by heuristics.

    Unfortunately it will not do anything on my system. It crashes after a while.
     

  7. PiCo

    PiCo Registered Member

    Omg this worm is pathetic :p It can't even properly run?

    As far as I know it creates a startup registry entry and throws some infected files in system32 and Temp folders under Windows folder.
     
  8. aigle

    aigle Registered Member

    Were you able to run this specific variant?
     
  9. PiCo

    PiCo Registered Member

    No, to tell you the truth, I tried it now and got the same error. What could this mean? Badly written variant? Unrunnable?
     
  10. aigle

    aigle Registered Member

    I don't know really. Maybe a corrupted sample.
     