[nsp-sec] Attn: Microsoft/MSN Messenger - MSN-bot Social Engineering Messages
Brian Eckman
eckman at umn.edu
Tue Feb 26 13:09:38 EST 2008
MSN,
A botnet using a command of "msn.url" was seen (a bit over an hour ago)
sending out messages to try to social engineer people into installing
hXXp://www.massiverender.com/ingles/p3.exe (http changed to hXXp to
prevent possible clicking).
It apparently instructs the bots to download a list of social
engineering phrases. The templates for this include these URLs:
http://www.timbercreeksoftware.com/regdata/spa.txt
http://www.timbercreeksoftware.com/regdata/eng.txt
Virustotal results from p3.exe
http://www.virustotal.com/analisis/378a1f6e3762c33c1eec8ebe34bbca38
Anubis Sandbox results for p3.exe
http://analysis.seclab.tuwien.ac.at/result.php?taskid=52141c5b0a9e0e94d9807b4fc1d7f338
Anyhow, I figured the URLs mentioned might be helpful for any content
filtering that you might be able to do.
Cheers,
Brian
--
Brian Eckman, Security Analyst
University of Minnesota
Office of Information Technology
Security & Assurance
More information about the nsp-security
mailing list