Sunday, July 15, 2007

Internet: thecoolpics.net back with another redirection

Same as before, two files, two sites. Same files, different target of redirection link. Looks like some people are persistent. Possible messages of the infected redirection you might see (www.example.com replaced the actual url):

  1. :D who is beside you in this pic www.example.com/friendpic1.jpg so good-looking
  2. ;) 1 of my vacation pictures www.example.com/vacation1.jpg <:-P
  3. hot pics this week www.example.com/hot.jpg :x
  4. ;) 1 of my vacation pictures www.example.com/vacation2.jpg <:-P
  5. Screenshot of my new Ipod www.example.com/vista.jpg so cool :D
  6. Images shot in Iraq _ The war will never end www.example.com/Iraqwar.jpg << :(
  7. :)) I won an iPhone. You will never believe it :O www.example.com/mylottery.jpg <<
  8. never click into the links like something in this image www.example.com/dontclick.jpg #:-S !!!
  9. :( the page cannot be displayed www.example.com/error.jpg Something was wrong !!! Check it again and tell me later. THanks
  10. My pics www.example.com/mypics.jpg b-( <<
  11. New game ;;) sexy beach 3 (man only) www.example.com/MissWorld.jpg !!
  12. Do you realize who is in this image: www.example.com/who.jpg . Just think for a moment and tell me soon ;))

The dude disabled the adbrite click code, but still... he spreads the worm determinated to do something with it. Let's hope the antivirus programmers this time "get the message" and try wipe it out.
The results of the executables, YMworm.exe and worm2007.exe can be viewed here

It sets your home page as www.quicknews.info

Try clean it with Cwean Antimalware Package, I believe it can do wonders for some infections.

No comments: