Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MSN Messenger Malware?

from [Neil A Trevains] Network Security [Permanent Link]
Subject: RE: MSN Messenger Malware?
Date: Fri, 15 Apr 2005 16:54:13 +0100 
Hi Michael,

Please refer to the following:

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname
=WORM_KELVIR.N

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.r.html

This caused the Reuters Messaging service to be temporarily suspended
yesterday.

Hope this helps.

Kind regards,

Neil

Neil A Trevains
Chief Technology Officer and Head of Information Technology
Tradition Technology Group
Tradition (UK) Limited
 
Regulated and Authorised by the Financial Services Authority
 
Disclaimer:
The Company
For the purposes of this disclaimer, ?The Company? may be Tradition (UK)
Limited or any other division or wholly owned subsidiary of Compagnie
Financiére Tradition Group.
Receipt in Error
The e-mail you have received and any attachments transmitted with it are
intended solely for the addressee(s) and may be legally privileged and/or
confidential. If you have received this e-mail in error, please delete it
from your system, destroy any hard copies of it, and contact the sender. You
should not divulge, copy, forward, or use the contents, attachments, or
information in any way. Any unauthorised use or disclosure may be unlawful.
Content
Any opinion expressed in this e-mail may be personal to the author, may not
necessarily reflect the opinions of The Company or its affiliates, and may
be subject to change without notice.
Personal Information
Any personal information contained in this e-mail (and its attachments) is
provided solely for the purpose stated in the e-mail and must not be
disclosed to any third-party or used for any other purpose without prior
consent.

|-----Original Message-----
|From: Mikey [mailto:mike_chan_@hotmail.com]
|Sent: 15 April 2005 03:21
|To: focus-virus@securityfocus.com
|Subject: MSN Messenger Malware?
|
|Hi all.
|
|I haven't been following the virus scene very closely of late so this may
|be an old one. Still, I wouldn't mind if someone could help me identify if
|it is and if it isn't, bring it to the attention of the proper authorities.
|
|Firstly, a bit about the environment; I am running MSN Messenger v6.2.0205.
|Yesterday, a colleague sent me a message that says this;
|
|[05:29:29 PM] Colleague: its you!
|[05:29:30 PM] Colleague:
|               http://hydr0.net/pictures.php?email=email@hotmai
|               l.com
|
|I have changed his real alias to "Colleague" and my MSN IM registered email
|address to email@hotmail.com for our protection (and yes, its different to
|the one I am using to send this message).
|
|Now, normally, you don't see this kind of message except in spam messages.
|But if you click on that link, it will download and execute an executable
|(on Windows XP SP2, it will ask you about it).
|
|Of course, this is my own trusted colleague who is normally very
|conscientious in keeping viruses and malware out, especially from spam
|email.
|
|When you let it execute, it installs two files into the C:\Program
|Files\999 directory.
|
|It then executes one of these executables and sends this message to
|EVERYONE on your MSN IM contact list that is NOT offline.
|
|The message is the same as above but the email address is the same one as
|the recipient's email address. For example, the program will send a message
|to Colleague2 who has a registered MSN IM email address is
|"email2@hotmail.com". This message to her (from you) will look like this;
|
|[05:29:29 PM] Colleague2: its you!
|[05:29:30 PM] Colleague2:
|               http://hydr0.net/pictures.php?email2=email@hotmai
|               l.com
|
|So this epidemic spreads.
|
|The motive? I can only think that the owner of http://hydr0.net is
|collecting email addresses. He or she is using MSN Messenger to proliferate
|this executable to catch users offguard, while collecting more email
|addresses as this message spreads.
|
|The website is still active and there must be a registered domain owner so
|I would be interested to hear if anyone can dig further. ;-)
|
|BTW - I think I have cleaned it out by deleting the C:\Program Files\999
|directory and its files.
|
|Look forward to hear some feedback on whether this is an already identified
|malware or not and where I can find more information on it (like its name),
|if it has already been identified.
|
|
|Cheers,
|
|Michael.




**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
an anti-virus for the presence of computer viruses.

www.traditiongroup.com
**********************************************************************
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MSN Messenger Malware?, Brian Marince
Next by Date:  RE: MSN Messenger Malware?, Handy, Mark (IT)
Previous by Thread:  MSN Messenger Malware?, Mikey
Next by Thread:  Fwd: MSN Messenger Malware?, Mikey
Indexes:  [Date] [Thread] [Top] [All Lists]