Im almost postive this is a variant of the Kelvir Virus
I have been watching this virus closely becauser i have got it before
I Remeber finding the same site you typed was in the explanation of a
variant of the Kelvir Virus
Althought Symantec antivirus company has detected this variant, Virus
defintions have not been made for that particular variant yet...But if
you gived them some time they will release it.
I WOULD SUGGEST TO SEARCH GOOGLE GOT FREE SYMANTEC ONLINE SCAN OR GO
TO THERE WEBSITE SYMANTEC.COM OR IF YOU GOT ANTIVIRUS SOFTWARE UPDATE
IT TO THE CURRENT DEFINITIONS.
I HATE THIS VIRUS SO BECAREFULE WHAT YOU CLICK
On 4/14/05, Mikey <mike_chan_ (at) hotmail (dot) com [email concealed]> wrote:
> Sorry...that example should have read;
>
> >[05:29:29 PM] Colleague2: its you!
> >[05:29:30 PM] Colleague2:
> > http://hydr0.net/pictures.php?email=email2@hotmai
> > l.com
>
> Thanks to those who have pointed it out.
>
> Cheers,
>
> Michael.
>
> >To: focus-virus (at) securityfocus (dot) com [email concealed]
> >From: Mikey <mike_chan_ (at) hotmail (dot) com [email concealed]>
> >Subject: MSN Messenger Malware?
> >
> >Hi all.
> >
> >I haven't been following the virus scene very closely of late so this may
> >be an old one. Still, I wouldn't mind if someone could help me identify if
> >it is and if it isn't, bring it to the attention of the proper authorities.
> >
> >Firstly, a bit about the environment; I am running MSN Messenger
> >v6.2.0205. Yesterday, a colleague sent me a message that says this;
> >
> >[05:29:29 PM] Colleague: its you!
> >[05:29:30 PM] Colleague:
> > http://hydr0.net/pictures.php?email=email@hotmai
> > l.com
> >
> >I have changed his real alias to "Colleague" and my MSN IM registered
> >email address to email (at) hotmail (dot) com [email concealed] for our protection (and yes, its
> >different to the one I am using to send this message).
> >
> >Now, normally, you don't see this kind of message except in spam messages.
> >But if you click on that link, it will download and execute an executable
> >(on Windows XP SP2, it will ask you about it).
> >
> >Of course, this is my own trusted colleague who is normally very
> >conscientious in keeping viruses and malware out, especially from spam email.
> >
> >When you let it execute, it installs two files into the C:\Program
> >Files\999 directory.
> >
> >It then executes one of these executables and sends this message to
> >EVERYONE on your MSN IM contact list that is NOT offline.
> >
> >The message is the same as above but the email address is the same one as
> >the recipient's email address. For example, the program will send a
> >message to Colleague2 who has a registered MSN IM email address is
> >"email2 (at) hotmail (dot) com [email concealed]". This message to her (from you) will look like this;
> >
> >[05:29:29 PM] Colleague2: its you!
> >[05:29:30 PM] Colleague2:
> > http://hydr0.net/pictures.php?email2=email@hotmai
> > l.com
> >
> >So this epidemic spreads.
> >
> >The motive? I can only think that the owner of http://hydr0.net is
> >collecting email addresses. He or she is using MSN Messenger to
> >proliferate this executable to catch users offguard, while collecting more
> >email addresses as this message spreads.
> >
> >The website is still active and there must be a registered domain owner so
> >I would be interested to hear if anyone can dig further. ;-)
> >
> >BTW - I think I have cleaned it out by deleting the C:\Program Files\999
> >directory and its files.
> >
> >Look forward to hear some feedback on whether this is an already
> >identified malware or not and where I can find more information on it
> >(like its name), if it has already been identified.
> >
> >
> >Cheers,
> >
> >Michael.
>
>
--
Check out gmail.com or search google for "gmail invites" for a great
E-mail service
I have been watching this virus closely becauser i have got it before
I Remeber finding the same site you typed was in the explanation of a
variant of the Kelvir Virus
Althought Symantec antivirus company has detected this variant, Virus
defintions have not been made for that particular variant yet...But if
you gived them some time they will release it.
I WOULD SUGGEST TO SEARCH GOOGLE GOT FREE SYMANTEC ONLINE SCAN OR GO
TO THERE WEBSITE SYMANTEC.COM OR IF YOU GOT ANTIVIRUS SOFTWARE UPDATE
IT TO THE CURRENT DEFINITIONS.
I HATE THIS VIRUS SO BECAREFULE WHAT YOU CLICK
On 4/14/05, Mikey <mike_chan_ (at) hotmail (dot) com [email concealed]> wrote:
> Sorry...that example should have read;
>
> >[05:29:29 PM] Colleague2: its you!
> >[05:29:30 PM] Colleague2:
> > http://hydr0.net/pictures.php?email=email2@hotmai
> > l.com
>
> Thanks to those who have pointed it out.
>
> Cheers,
>
> Michael.
>
> >To: focus-virus (at) securityfocus (dot) com [email concealed]
> >From: Mikey <mike_chan_ (at) hotmail (dot) com [email concealed]>
> >Subject: MSN Messenger Malware?
> >
> >Hi all.
> >
> >I haven't been following the virus scene very closely of late so this may
> >be an old one. Still, I wouldn't mind if someone could help me identify if
> >it is and if it isn't, bring it to the attention of the proper authorities.
> >
> >Firstly, a bit about the environment; I am running MSN Messenger
> >v6.2.0205. Yesterday, a colleague sent me a message that says this;
> >
> >[05:29:29 PM] Colleague: its you!
> >[05:29:30 PM] Colleague:
> > http://hydr0.net/pictures.php?email=email@hotmai
> > l.com
> >
> >I have changed his real alias to "Colleague" and my MSN IM registered
> >email address to email (at) hotmail (dot) com [email concealed] for our protection (and yes, its
> >different to the one I am using to send this message).
> >
> >Now, normally, you don't see this kind of message except in spam messages.
> >But if you click on that link, it will download and execute an executable
> >(on Windows XP SP2, it will ask you about it).
> >
> >Of course, this is my own trusted colleague who is normally very
> >conscientious in keeping viruses and malware out, especially from spam email.
> >
> >When you let it execute, it installs two files into the C:\Program
> >Files\999 directory.
> >
> >It then executes one of these executables and sends this message to
> >EVERYONE on your MSN IM contact list that is NOT offline.
> >
> >The message is the same as above but the email address is the same one as
> >the recipient's email address. For example, the program will send a
> >message to Colleague2 who has a registered MSN IM email address is
> >"email2 (at) hotmail (dot) com [email concealed]". This message to her (from you) will look like this;
> >
> >[05:29:29 PM] Colleague2: its you!
> >[05:29:30 PM] Colleague2:
> > http://hydr0.net/pictures.php?email2=email@hotmai
> > l.com
> >
> >So this epidemic spreads.
> >
> >The motive? I can only think that the owner of http://hydr0.net is
> >collecting email addresses. He or she is using MSN Messenger to
> >proliferate this executable to catch users offguard, while collecting more
> >email addresses as this message spreads.
> >
> >The website is still active and there must be a registered domain owner so
> >I would be interested to hear if anyone can dig further. ;-)
> >
> >BTW - I think I have cleaned it out by deleting the C:\Program Files\999
> >directory and its files.
> >
> >Look forward to hear some feedback on whether this is an already
> >identified malware or not and where I can find more information on it
> >(like its name), if it has already been identified.
> >
> >
> >Cheers,
> >
> >Michael.
>
>
--
Check out gmail.com or search google for "gmail invites" for a great
E-mail service
[ reply ]