Author Topic: MSN trojan / myspacy.net  (Read 3237 times)

December 07, 2008, 11:50:19 pm
ocean

spreads through msn messenger, sending a message like:
Code:
"photo: http://site.myspacy.net/viewimage.php?=yourcontact@hotmail.com"

seems that microsoft cabextract is used to extract trojan pe.

results scanning with novirusthanks:
File Info

Report generated: 6.12.2008 at 17.45.23 (GMT 1)
Packer detected: PEiD took too long!
Self-Extract Archive: Yes => Cabinet Archive
Binder Detector:  Nothing found
Detection rate: 6 on 24

Detections

a-squared - VirTool.Win32.CeeInject!IK
Avira AntiVir - Nothing found!
Avast - Nothing found!
AVG - :\burimis.exe:\burimi.exe Trojan horse BackDoor.Generic_r.DU
BitDefender - MemScan:Backdoor.RBot.YBJ
ClamAV - Nothing found!
Comodo - Nothing found! 
Dr.Web - Nothing found!
Ewido - Nothing found!
F-PROT 6 - Maximum archive depth reached
G DATA - Nothing found!
IkarusT3 - Nothing found!
Kaspersky - Trojan-Downloader.Win32.QQHelper.gfg
McAfee - Nothing found! 
MHR (Malware Hash Registry) - Nothing found!
NOD32 v3 - Nothing found! 
Norman - Nothing found!
Panda - Nothing found!
Quick Heal - Nothing found!
Solo Antivirus - Nothing found!
Sophos - Troj/Drop-BO
TrendMicro - Nothing found!
VBA32 - Nothing found!   
Virus Buster - Nothing found!

Scan report generated by NoVirusThanks.org

myspacy.net is registered using yahoo for small businesses.

whois:
Code:
Domain Name.......... myspacy.net
Creation Date........ 2008-12-03
Registration Date.... 2008-12-03
Expiry Date.......... 2009-12-03
Organisation Name.... ben ben
Organisation Address. P O Box 99800
Organisation Address.
Organisation Address. EmeryVille
Organisation Address. 94662
Organisation Address. CA
Organisation Address. US

Admin Name........... PrivateRegContact Admin
Admin Address........ P O Box 99800
Admin Address........
Admin Address........ EmeryVille
Admin Address........ 94662
Admin Address........ CA
Admin Address........ US
Admin Email.......... contact@myprivateregistration.com
Admin Phone.......... +1.5105952002
Admin Fax............

Tech Name............ PrivateRegContact TECH
Tech Address......... P O Box 99800
Tech Address.........
Tech Address......... EmeryVille
Tech Address......... 94662
Tech Address......... CA
Tech Address......... US
Tech Email........... contact@myprivateregistration.com
Tech Phone........... +1.5105952002
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com

regards
ocean
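
An added detection example, not part of ocean's post or of any tool named in it: it flags instant-message URLs that carry an e-mail address in the query string, notes the empty parameter name seen in this lure, and marks the domain as newly registered using a whois record in the dotted-label format shown above. The function names and the 30-day threshold are assumptions made for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
NEW_DOMAIN_DAYS = 30  # assumed threshold for "newly registered", tune per environment

# Lure text and whois excerpt copied from the post above.
SAMPLE_MESSAGE = "photo: http://site.myspacy.net/viewimage.php?=yourcontact@hotmail.com"
SAMPLE_WHOIS = "Domain Name.......... myspacy.net\nCreation Date........ 2008-12-03\n"

def whois_creation_date(whois_text):
    """Read 'Creation Date' from a dotted-label whois record; None if absent."""
    m = re.search(r"^Creation Date\.*\s*(\d{4})-(\d{2})-(\d{2})\s*$", whois_text, re.M)
    return date(*map(int, m.groups())) if m else None

def lure_findings(message, seen_on, whois_text=None):
    """Return one finding per URL whose query string contains an e-mail address."""
    findings = []
    for url in URL_RE.findall(message):
        parts = urlsplit(url)
        emails = EMAIL_RE.findall(unquote(parts.query))
        if not emails:
            continue
        reasons = ["email_in_query"]
        # The lure in the post has no parameter name at all: "?=address".
        if parts.query.startswith("="):
            reasons.append("empty_parameter_name")
        created = whois_creation_date(whois_text) if whois_text else None
        if created and 0 <= (seen_on - created).days < NEW_DOMAIN_DAYS:
            reasons.append("new_domain")
        findings.append({"host": parts.hostname, "emails": emails, "reasons": reasons})
    return findings

if __name__ == "__main__":
    # 2008-12-06 is the date on the scan report in the post.
    for finding in lure_findings(SAMPLE_MESSAGE, date(2008, 12, 6), SAMPLE_WHOIS):
        print(finding)
```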

December 08, 2008, 07:38:44 am
Reply #1

SysAdMini

Ruining the bad guy's day