Looking for a sexy 'behind'? Well not here! This is a VIRUS REPORT! The program is NOT DETECTED YET (check out the virustotal.com screenshot) at the time of writing!likemyass.net (active)
ratethisphoto.net (purged)
ratethisface.net (purged)
I've discovered this while I was checking some links gathered with the help of an eggdrop script of mine
mwrouin-m-!~info@business-67-35.netway.com.cy MSG!#cyprus
hey check :O http://www.likemyass.net/.......
(....... have replaced the filename)
This malware is undetected by most antivirus at the time of writing, so watch it: likemyass.net = BAD
The dude above is not the spammer. The malware somehow is spammed through IRC instead of MSN. This malware/trojan/virus/worm/bad exe, whatever you might want to call it, is spreading around replacing the MSN executable.
Some of my friends believe that this is the 'new' Virtumonde. It might just use its registry keys, but the MSN spamming is a whole new thing I guess!
UPDATE: The website is now down!
UPDATE 2: The website has changed to http://la.gg/UPL/PIC901.COM (but it was down when I was notified)
UPDATE 3: Solutions 1) Vundofix 2) VundoBeGone 3) Uninstall,restart and reinstall MSN Messenger from here: http://g.msn.com/8reen_us/EN/INSTALL_MSN_MESSENGER_DL.EXE
4) Try out one of my generic cleaners, cwean pack: www.erroneous.name
You are encouraged to download the executable and upload it to www.virustotal.com or www.uploadmalware.com
More info about the lil' buger at the Kaspersky's website
4 comments:
It seems it has switched servers
http://la.gg/UPL/PIC901.COM
I just received it from this server too.
By the time I looked at it, it was already down. If you have downloaded the executable please pass it to VirusTotal.com or UploadMalware.com so the big antivirus companies can have their sources updated :)
um, i just got a notification from likemyass.net the server isnt down any more!
Post a Comment