virus

Wednesday 10 January 2007

IM worm on Yahoo!

By ArnY on Wednesday 10 January 2007, 16:16

Trend Micro has a report of a new worm using Yahoo (which has unfortunately nothing common with my ICQ mystery). The worm sends links looking like pictures for some of them (but they are not):

    1. http://{blocked}.info/who.jpg
    2. http://{blocked}.info/friendpic1.jpg
    3. http://{blocked}.com/Gallery/albums/album/index.php
    4. http://{blocked}.com/Gallery/albums/album/index2.php
    5. http://{blocked}.com/Gallery/albums/album/YMworm.exe
    6. http://{blocked}.com/Gallery/albums/album/worm2007.exe

27 comments no trackback

Thursday 21 December 2006

What's going on with Warezov on ICQ?

By ArnY on Thursday 21 December 2006, 10:24

virus

A few weeks ago our network provider reported that they caught a few HTTP requests (a few GET for map.src and picture.pif) to a known warezov domain coming from one of our ip. Warezov and its variants are easily trackable since once activated they will try to update themself by fetching an update on several domains created for this purpose. So, a computer was suspected to be infected on our networks. I investigated and discovered that the actual IP involved was a linux box. No, not even a dual boot box.

After asking the lady who used to computer that day, i understood that she certainly didn't go fetch the warezov update on purpose and that she only used meebo.com (webmesenger service) and yahoo mail. She reported a few weird messages from people she didn't know on ICQ, though. A few days later, another user reported the same kind of messages on ICQ, but this time from an unknown warezov domain! No antivirus vendors are actually linking Warezov and ICQ. So what's going with Warezov on ICQ?

one comment no trackback

Monday 4 December 2006