robertutzu Posted February 2, 2011
This evening I kept getting messages from some girl with this link: wshoppic on Facebook
Guess what AVG said when it saw that instead of a photo it was telling me to save a .exe.
Answer: Trojan!
So be careful what you click on over on Facebook!

Nytro Posted February 2, 2011
How cool, a redirect to an executable. Let me take a quick look at it, maybe I'll find something interesting.

intrus Posted February 2, 2011
The page you requested was not found.

hirosima Posted February 2, 2011
> How cool, a redirect to an executable. Let me take a quick look at it, maybe I'll find something interesting.
Let us know what you found, too.

Nytro Posted February 2, 2011
I didn't find anything; that piece of junk Microsoft Security Essentials deleted it on me, and now the page no longer works. If anyone has it, please send me a PM with a download link.

Gabriel87 Posted February 2, 2011
I'm thinking it's a Zeus Botnet server again.

Nytro Posted February 2, 2011
It was detected as an IRC Bot, so probably junk. Anyway, the spreading idea is somewhat new; I like that it downloads automatically.

Gabriel87 Posted February 2, 2011
> It was detected as an IRC Bot, so probably junk. Anyway, the spreading idea is somewhat new; I like that it downloads automatically.
Does it use a piece of software that has a Facebook and Yahoo spread option? Or is it a PHP script?

Nytro Posted February 2, 2011 (edited)
An application (a Facebook one) was created, and I don't know how (nor do I care) it redirected, on a page [on Facebook] (even if the user had not clicked Allow for that application), to an executable.
Edit: I found the link to the file, and I'm looking it over.
At first I came across: "imbot.exe|1|M|0|0|/stext "C:\pass.txt"|0|7|0|0|0|1|0|bak burda ne war!|1|1|1|10|" which is a settings string used by binders/crypters. Which tells me it will write the file imbot.exe, which will probably save something to C:\pass.txt. So it's a piece of crap, nothing complex.
I have neither the time nor the inclination to find out in detail what it does; I'm only glancing over it.
PS: "bak burda ne war" = "Look here, what a war!". Interesting.
Edited February 2, 2011 by Nytro

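Added example, not part of any post in this thread: a content check for the situation described above, where a link advertised as a photo delivers an executable. The function names are hypothetical, the sample bytes and Content-Type are constructed, and only the file name comes from the scan report posted in the thread.

```python
import os
import struct

IMAGE_MAGICS = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com")

def sniff_type(data: bytes) -> str:
    """Identify content from its leading bytes, ignoring name and headers."""
    for magic, name in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return name
    # PE file: 'MZ' DOS header whose e_lfanew field (offset 0x3C) points at 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-stub"  # MZ header present but no PE signature in the bytes seen
    return "unknown"

def check_photo_link(filename: str, content_type: str, data: bytes) -> list[str]:
    """Return findings for a download reached from a link advertised as a photo."""
    findings = []
    kind = sniff_type(data)
    if kind in ("pe", "mz-stub"):
        findings.append("executable content behind a photo link")
    if os.path.splitext(filename)[1].lower() in EXEC_EXTENSIONS:
        findings.append("executable file extension: " + filename)
    if content_type.startswith("image/") and kind not in IMAGE_MAGICS.values():
        findings.append("Content-Type claims image but bytes are " + kind)
    return findings

def build_constructed_pe_prefix() -> bytes:
    """Constructed sample: minimal MZ header with e_lfanew=0x40 plus a PE signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00"

if __name__ == "__main__":
    # File name as shown in the thread's scan report; header and bytes are constructed.
    for finding in check_photo_link("facebook-pic000934519.exe",
                                    "application/octet-stream",
                                    build_constructed_pe_prefix()):
        print(finding)
```
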
bubu2005 Posted February 3, 2011
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: facebook-pic000934519.exe
Submission date: 2011-02-02 18:54:28 (UTC)
Current status: finished
Result: 7/43 (16.3%)
VT Community: not reviewed
Safety score: -

Antivirus             Version        Last Update  Result
AhnLab-V3             2011.01.27.01  2011.01.27   -
AntiVir               7.11.2.59      2011.02.02   -
Antiy-AVL             2.0.3.7        2011.01.28   -
Avast                 4.8.1351.0     2011.02.02   Win32:Malware-gen
Avast5                5.0.677.0      2011.02.02   Win32:Malware-gen
AVG                   10.0.0.1190    2011.02.02   Dropper.Generic3.IVP
BitDefender           7.2            2011.02.02   -
CAT-QuickHeal         11.00          2011.02.02   -
ClamAV                0.96.4.0       2011.02.02   -
Commtouch             5.2.11.5       2011.02.02   -
Comodo                7568           2011.02.02   -
DrWeb                 5.0.2.03300    2011.02.02   Trojan.Inject.3631
Emsisoft              5.1.0.2        2011.02.02   -
eSafe                 7.0.17.0       2011.02.02   -
eTrust-Vet            36.1.8136      2011.02.02   -
F-Prot                4.6.2.117      2011.02.01   -
F-Secure              9.0.16160.0    2011.02.02   -
Fortinet              4.2.254.0      2011.02.02   W32/Injector.fam!tr
GData                 21             2011.02.02   Win32:Malware-gen
Ikarus                T3.1.1.97.0    2011.02.02   -
Jiangmin              13.0.900       2011.02.02   -
K7AntiVirus           9.81.3725      2011.02.02   -
Kaspersky             7.0.0.125      2011.02.02   -
McAfee                5.400.0.1158   2011.02.02   -
McAfee-GW-Edition     2010.1C        2011.02.02   -
Microsoft             1.6502         2011.02.02   Backdoor:Win32/IRCbot.gen!M
NOD32                 5841           2011.02.02   -
Norman                6.07.03        2011.02.02   -
nProtect              2011-01-27.01  2011.02.02   -
Panda                 10.0.3.5       2011.02.02   -
PCTools               7.0.3.5        2011.02.02   -
Prevx                 3.0            2011.02.02   -
Rising                23.43.02.07    2011.02.02   -
Sophos                4.61.0         2011.02.02   -
SUPERAntiSpyware      4.40.0.1006    2011.02.02   -
Symantec              20101.3.0.103  2011.02.02   -
TheHacker             6.7.0.1.123    2011.02.02   -
TrendMicro            9.200.0.1012   2011.02.02   -
TrendMicro-HouseCall  9.200.0.1012   2011.02.02   -
VBA32                 3.12.14.3      2011.02.02   -
VIPRE                 8284           2011.02.02   -
ViRobot               2011.2.2.4288  2011.02.02   -
VirusBuster           13.6.178.0     2011.02.02   -

Additional information
MD5   : 6dd1cbc6a63907d54e452757c502cd2c
SHA1  : a8940af2d66483b0bcf81f3f09a3af46043d61f6
SHA256: 1b14534cfb0f63d0bf8e4910632e3de3c4331fcd7bee4fac5980865756e55454