[nsp-sec] MSN infection observed
Tarmo Randel
tarmo.randel at cert.ee
Tue Nov 3 11:19:46 EST 2009
Hello Everybody,
I thought I should share these small pieces of information about an MSN-based
infection that is currently being distributed in Estonia. The link is
inserted in an MSN conversation so that it is quite hard to tell if the
text itself was automagically generated or not.
Binary (available on request):
hxxp:// www. virustotal. com/ analisis/
0833c40354353c604520f8e46fc11c2ae4f1207cc3f4b57a82d82c06c32265d9-1257263972
Infection path: lmageshack. cn -> woodwormsnomore. myvnc. com ->
rapidshare. com (/files/300607117/pic65.pif)
Infected PC communicates with hotshows. org (at least at first).
It is an interesting case because it succeeded in infecting a patched XP and
penetrated Microsoft Security Essentials.
Notifications to involved parties are on the way.
All the best,
Tarmo Randel
CERT-EE
--
+372 663 0254