Renater our network provider reported these requests, being a know warezov domain:

GET - DIRECT/ text/html
GET - DIRECT/ text/plain
GET - DIRECT/ text/html
GET - DIRECT/ text/plain

The lady who used the computer at this time couldn't actually remember what were the messages sent to her on ICQ, but she certainly didn't remember clicking on any of them.

I couldn't find any information linking warezov and ICQ. According to Sunbelt warezov is a mass mailing worm that carries an infected attachment and spreads by sending a copy of itself to every email address in the victim's computer.

Anyway, i downloaded the map.scr and picture.pif files and submitted them on

AntiVir       12.21.2006      Worm/Stration.AH
Authentium      4.93.8       12.20.2006      W32/Warezov.gen4
Avast   4.7.892.0       12.20.2006      no virus found
AVG     386     12.20.2006      I-Worm/Stration.BKR
BitDefender     7.2     12.21.2006      Trojan.Dropper.Stration.VD
CAT-QuickHeal   8.00    12.20.2006
ClamAV  devel-20060426  12.21.2006      Worm.Stration.XC-8
DrWeb   4.33    12.21.2006      Win32.HLLM.Limar.based
eSafe        12.19.2006
eTrust-InoculateIT      23.73.93        12.21.2006      Win32/Stration.Variant!Worm
eTrust-Vet      30.3.3267       12.21.2006      no virus found
Ewido   4.0     12.21.2006
Fortinet        12.21.2006      W32/Strati.ET@mm
F-Prot  3.16f   12.20.2006      W32/Warezov.gen4
F-Prot4        12.20.2006      W32/Warezov.gen4
Ikarus  T3.1.0.27       12.21.2006      Email-Worm.Win32.Warezov.dw
Kaspersky        12.21.2006
McAfee  4923    12.20.2006      W32/Stration@MM
Microsoft       1.1904  12.21.2006      no virus found
NOD32v2 1932    12.20.2006      Win32/Stration.TU
Norman  5.80.02 12.20.2006      W32/Stration.CQW
Panda 12.21.2006      W32/Spamta.PL.worm
Prevx1  V2      12.21.2006      no virus found
Sophos  4.12.0  12.21.2006      W32/Strati-Gen
Sunbelt 2.2.907.0       12.18.2006      W32.Stration.DB@mm
TheHacker       12.20.2006      W32/
UNA     1.83    12.20.2006
VBA32   3.11.1  12.20.2006      MalwareScope.Worm.Warezov.1
VirusBuster     4.3.19:9        12.20.2006      Trojan.Opnis.Gen.29

It's abviously a piece of warezov. I reported it to f-secure with my little story and then contacted me back saying the files i submitted didn't have any IM related routines. They said the virus was probably not sent on ICQ but rather in a mail. But a few days later another user reported weird messages on ICQ and this time, she sent them to me:

check this
check this

Interesting.. this time we're sure it's coming from ICQ and that it's a warezov even though isnt a know warezov domain (yet). I reported this to my contact at f-secure and am still waiting for an answer...