New MSN trojan spreading quickly
Disturbing news appeared a few hours ago at eWeek: A new Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover virtual PCs as a means of increasing its growth vector.
The Trojan is an IRC bot that’s spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word “pics” as a double extension executable—a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name “images” as a .pif executable—for example, IMG34814.pif. The files are infiltrating new systems by using either known contacts from which the Trojan has harvested instant messaging names, as well as from the systems of unknown users. Double-check every file you receive through your MSN or your computer could easily end up as a zombie in some huge botnet…
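The naming trick described above can be checked mechanically before anything inside a received .zip is opened. The following is an added example, not code from eWeek or from this site: it lists a ZIP archive's members and flags executable types and image-then-executable double extensions. The extension lists and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly on double-click (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".bat", ".cmd", ".com"}
# Image extensions a lure typically pretends to have (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}


def classify_name(name):
    """Return a reason string if the file name looks like a lure, else None."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    cleaned = name.replace("\\", "/").rstrip(" .")
    suffixes = [s.strip().lower() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double extension: %s hides %s" % (suffixes[-2], suffixes[-1])
    return "executable type %s" % suffixes[-1]


def scan_zip(data):
    """Map each suspicious member of a ZIP (given as bytes) to its reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reason = classify_name(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample_zip(names):
    """Constructed test archive: harmless placeholder bytes under the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["DSC00432.jpg.exe", "IMG34814.pif", "holiday.jpg"])
    for member, reason in scan_zip(sample).items():
        print(member, "->", reason)
```

Only member names are read; nothing is extracted or executed, so the check is safe to run on an untrusted attachment.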

Comments(77)
I’ve been receiving messages+zip files like that for at least 4 months.
and just because microsoft disabled file extension by default for the noobs
Feel free to post your New MSN trojan spreading quickly torrent,
@Lloyd Banks 93
i guess you need to change friends on msn?
i have never got any virus through msn, its hard to get a virus if you use common sense, but no rule without exception, but i will keep an eye out
Nah, im gonna have a pass. Will wait for the aXXo release.
btw is it better then halo 3?
LOL @ 5!
@ Wankstar and SMek
r u guys stupid or wtf are u trying to talk about go post that stuff in the right topic
http://rapidshare.com/1111111/msntrjn.exe
Of course its better than Halo 3 its the most over rated game ever.
HA HA HA !!!
icq user….
rsrs
I basically can’t stop laughing at my friends who get infected by some MSN virus just because they accepted a file transfer which contained a trojan.
But yeah, everyone should be wary of this.
If you use MSN I think you deserve to get this.
indeed. i’m safe with iCal until it gets an XP release like Safari.
People who are too lazy to even think about being bothered to attempt to understand what is going on around them deserve anything that hits them. Personally I can’t stand the sheer mass of people who own a computer in this day and age and don’t care how they work. These are the same people who can’t program the time on the VCR/microwave mind you… not because it’s a difficult undertaking by any means… oh no, they just don’t give a flying fuc|(. Continuing on into the future as more and more stupid and worthless individuals are born, there will come a day when folks don’t even know how to use a can-opener or even change their car battery. Ahh the wonders of global progress, go humanity go!
they should call this Dumbexecs cause u only get it if ur dumb enough to open it
seriously, this has been around WAY longer
…and this is why I stopped using messenger programs a year ago.
If you can’t tell it’s a bot message…
lol
@13 – Mr X
Well, i guess this would happen eventually..
I have to agree with you on this one…
But this doesn’t end my suspicions of you been a little boys lover.
any rapidshare links? i really want this game
they say its the best game of the year
LOL
just kidding
Only people who know nothing of the internet and computers get this kind of thing.
@23 – bLinx
not true, the g.a.y people
also could get this.
haha post number 13 its so true.
I have all the noobs contacts of my msn infected and trying to send me this, the sad thing its that some of those study things related to computer, and they are online pretty much everyday lololol
msn sucks
At first i received this trojan too and i opened it!!!! But thank god norton antibot saved me (again). It’s a very light and cool program, you should try it guys
LOL I GOT THIS VIRUS NOW, IT MIGHT BE INFECTING MY SYST..
Mulleboy wants to send you
pix.zip (2889kb) Do you wish to acceptzors?!
——————————————-
“YES” for laaawl and “NO” for looowl.
LOL @ 5 and 6!
And I will add
FIIRST!
RS.COM: http://www.rapidshare.com/457302/picture.jpg.exe
MU.COM: http://www.megaupload.com/48jd73s
my friends always send me that crap
the first time they send it i knew i shouldnt accept
I actually feel bad for people who create these exploits. Their lives must be incredibly empty.
Majority of people who use MSN Messenger are kids. You cant expect them all to be experts in computer security.
it’s been nuked… proper will follow
TheDude: You’re feeling bad for the wrong people.
misleading summary… it’s not looking for virtual PCs, it’s looking for VNCs, much different.
Proper botnet out of Sych at 45:03 Get repack
Meh, a friend got a virus like that a week ago. Surprisingly, the bot didn’t send me the files…
This is old. I got a link like this with my friends over 7 months ago. Me and a rl friend both were smart not to click it but other friends on our lists did it…man were they screwed.
well you all just got this virus from reading this thread so there hahahaha , i hacked in to the site so if who ever opens this thread and acts like a smart ass gets the virus
what fool accepts a file .jpg.exe dont u know nothing
Can anyone update us…? Will there be a proper? I heard reloaded might release a new version. Will it run on 64bit vista?
Wankstar: You should know by now that NOTHING runs on Vista, let alone 64bit code.
Ya i think theyre using the bots to DDoS this site i go to…
Man this is as old as time…virus has been spreading since long ago…
Everyone can get infected. I’ve never been infected before. (only on purpose on closed systems to see how the virus works) But I got infected by this msn virus last week. Was chatting with a friend and he sent me image24.zip file. I thought it was safe. But I got no excuse why i clicked on a batch file believing it was a picture. Guess I was tired. Think I managed to delete it now. But of course it sent itself to other people on my contact list and then on….
this aint new, this has been going on for the last 5 months or so… if ur a little smart, you see if it’s something dirty…
I remember variants of this Trojan from back in summer of 2004,
people would send messages saying “Is this a picture of you??” and they’d attempt to send a .zip file containing .exe’s and .bat’s lol
but yeah, I have a few people on my MSN Contact list infected with this trojan, I recommended they get antivirus or format.
they didn’t believe me so i sent them Screenshots of their trojan in action lol they almost pooped their pants
so is there a way of getting rid then or not?
This is kind of old. The funny part about it is when I got a message from a guy buddy of mine…
“Hey want to see my private pictures?”
I was like … “WTF?!?!?!?!”
I tried to respond but no answer so I blocked him.
Then a couple of days later while at work I almost got tricked into a message from ANOTHER friend saying.
“Hey man check out this guy, looks just like you!”
I ALMOST clicked it then remembered the previous event and then later got another message about the same so I blocked a second person.
Stuff like this always hits the uneducated or unaware users so a little common net-sense always helps fend off possible problems with virii and like attacks.
A few years ago there was an annoyance like this called Block-Checker. My uncle removed it but I’ve been noticing this for the past 3 weeks. If someone asks or says ANYTHING about a pic, and immediately tries to send you a 72kb .rar file, do not respond or just say decline! I don’t have it, but I’m not stupid enough to accept odd and irregular files.
yeah ive been receiving messages like that for a few weeks i always figured they were viruses or something like that shame most people i know aren’t that tech savvy to figure out that commonly trojans and what not travel in zip files or exe’s
I just got the sniffles reading all this chitter chatter am i infected?
I’ve had lots of messages the same as number 47 before. My sister clicked on one once and I had to fix her computer for her…
The scene has nuked this! Something about some triggers being missed in the crack!
I was infected with this because i usually just accept what ever my friends send me. I got rid of it though it wasn’t hard, 3 virus scanners, 2 spybot scanners and an adaware scanner got all of it. Although i did have to delete a file by finding it on my own.
Well since msn is a virus anyway, does this trojan actually improve it? Anything to remove Microsoft dominance is a good thing I guess.
@5
“Nah, im gonna have a pass. Will wait for the aXXo release.”
Imao
awwwwww the rapidshare an megaupload links wont work for me
can some 1 email , or messenger them to me?…. lmao
This isn’t a virus, it’s an intelligence test. Sadly, many people seem to be failing it.
What’s next? A text file telling people to manually erase their own files?
@13 – MR X
“If you use MSN I think you deserve to get this.” so i guess you are against facebook too, most normal people use MSN, you know, to talk to their friends that have met in real life. not everyones life revolves around ones and zeros
muhaha you stupid noobs.
I had one of my contacts just say: here are those pics you asked for and attempt to send me the pics.zip file. I immediately say wtf i didn’t ask for pics. It auto sent it to me again 20 min later so I blocked him.
how many leechers can der be !!!! arrgghh no seeds
If i was a “Zombie in a Botnet” i would have every faith VOMIT would release me.Probably on 1 cd with mp3 vbr
uhh… where’s the torrent link?
@ 61 geek: don’t be a douche bag just because you’re ignorant.
#4 and #5 are bots , lol !
how did they pass the spam test ?
intelligent bot !
Bots are going up in the world eh…
btw. any fixes out for it yet? i am not stupid enuff to accept the virus but my cuzin is..
@68 and @69
i must be the most intelligent bot in the universe since i REPLY to someone who says im a bot…
Yeah i was created by the best programmers in the world and i was still just an Alpha but that aint so bad because now im an Alpha Male and the chicks love me…
but seriously
HOW THA HELL CAN PEOPLE GET THIS KIND OF STUFF???
Dont they have a brain at all???
I mean if all walked straight up to any stranger and asked
-”Hey if you give me your car key and i will go and wash it for you”
if he says Yes Of course you can… then he’s just stupid and YES deserves to get his car stolen…
Hope you understand what i meant…
if you give away the key to your computer you’re just as stupid as if you give away your car key
Well, i also remember since summer, a friend was “writing”: Hey, look at my new picturies from Germany. and then a .zip file is coming: la65sa05s.zip
Accept Yes or No, of course everyone in the world is clicking at “YES”
Well…cant say Im surprised…
i must say this trojan is good to fool some ppl that executable is just as same as jpeg format. PRESTO!! oops no pics. anyways this lil’ kiddo is not hard to get rid of for those of you who know how to play with your regedit
delete: imageXX.zip or picXX.zip from your received folder
next step:
start menu: run > regedit
scroll to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
look at the right pane. there should be some idiotic and completely illogical process running, if you are good at guessing what processes shud be in your run list, you would know which process you shud delete.
for others its easy to guess. cos this trojan assigns a 6 letter .exe file in the run, example: abcdef.exe [check the process out on google if you are suspicious or too afraid to delete it]
a good sample which i had in run is:
“Volume Shadow Organizer” = “nvbsvc.exe”
yeah rite, who the hell ever heard of volume shadow organizer.
next: unhide all your folders and system files. scroll to
C:\windows\system
C:\windows\system32
you will find abcdef.exe in either of these folders, DELETE it
restart ur system and VOILA. U R FREE OF THIS BUG!!! lol
way to go SMek, couldnt agree with you more.
must be kinda foolish to accept whatever comes or even open the content of a zip when ya know pictures dont come in .executable formats. muahahahahah
oh! and one more thing. clear your %temp% also
dont worry about it all they do is use your comp as a serving bot to use in their irc room.
they upload loads of stuff to your comp via Serv-U and then list the movie music etc for people to download.
so just keep an eye on your hd getting full and slow connection
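The Run-key check one commenter walks through above (a six-letter .exe registered under HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run, sitting in C:\windows\system or C:\windows\system32) can be written as a triage filter. This is an added example, not code from the page or from any commenter; the sample entries are constructed, except the "Volume Shadow Organizer" value, which is the one quoted in the comment, and `read_run_key` relies on the Windows-only `winreg` standard-library module.

```python
import re
from pathlib import PureWindowsPath

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SYSTEM_DIRS = {r"c:\windows\system", r"c:\windows\system32"}
SIX_LETTER_EXE = re.compile(r"^[a-z]{6}\.exe$", re.IGNORECASE)
# Constructed sample of Run values; only the first entry comes from the comment.
SAMPLE = {
    "Volume Shadow Organizer": "nvbsvc.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Vendor\update.exe" /background',
}


def executable_of(command):
    """Extract the program path from a Run value, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ", 1)[0]


def triage_run_entries(entries):
    """Return {value name: program} for entries matching the commenter's description."""
    flagged = {}
    for name, command in entries.items():
        path = PureWindowsPath(executable_of(command))
        parent = str(path.parent).lower()
        # No directory given means Windows resolves the name via its search path.
        if SIX_LETTER_EXE.match(path.name) and (parent == "." or parent in SYSTEM_DIRS):
            flagged[name] = path.name
    return flagged


def read_run_key():
    """Read the HKLM Run values on a Windows host (winreg is Windows-only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


if __name__ == "__main__":
    print(triage_run_entries(SAMPLE))
```

The pattern also matches legitimate Windows components such as ctfmon.exe, so a hit is a candidate for review, not proof of infection.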