Of Spam & Men


Wednesday 10 January 2007

IM worm on Yahoo!

Trend Micro has a report of a new worm using Yahoo (which unfortunately has nothing in common with my ICQ mystery). The worm sends links, some of which look like pictures (but they are not):

    1. http://{blocked}.info/who.jpg
    2. http://{blocked}.info/friendpic1.jpg
    3. http://{blocked}.com/Gallery/albums/album/index.php
    4. http://{blocked}.com/Gallery/albums/album/index2.php
    5. http://{blocked}.com/Gallery/albums/album/YMworm.exe
    6. http://{blocked}.com/Gallery/albums/album/worm2007.exe


Thursday 21 December 2006

What's going on with Warezov on ICQ?

A few weeks ago our network provider reported that they caught a few HTTP requests (a few GETs for map.src and picture.pif) to a known Warezov domain coming from one of our IPs. Warezov and its variants are easily trackable since, once activated, they will try to update themselves by fetching an update from several domains created for this purpose. So, a computer on our networks was suspected to be infected. I investigated and discovered that the actual IP involved was a Linux box. No, not even a dual boot box.

After asking the lady who used the computer that day, I understood that she certainly didn't go fetch the Warezov update on purpose and that she only used meebo.com (a web messenger service) and Yahoo Mail. She reported a few weird messages from people she didn't know on ICQ, though. A few days later, another user reported the same kind of messages on ICQ, but this time from an unknown Warezov domain! No antivirus vendors are actually linking Warezov and ICQ. So what's going on with Warezov on ICQ?


Monday 4 December 2006

Bagle Returns

Several antivirus and security companies are reporting that Bagle's back in business.

Indeed, F-Secure reports that some of the old Bagle update URLs were activated on Nov. 30th.
