Chinese Internet Security Response Team (GMT +0800)

IRCBot.acd spreads via MSN

[Post on : July 2, 2007 18:46 | Category : Bot & Botnets | by : smallmo] Reship : Original

Some hours ago, we received reports that a new worm was spreading via MSN Messenger. The file name is "myalbum2007.zip". The worm can also send out different messages depending on the version of the operating system. Kaspersky detects it as Backdoor.Win32.IRCBot.acd. We hope everyone will be careful with this kind of file.

This worm can send out the following messages:

English version:
Here are my very secret pictures for you.
Here are my pictures from my vacation
hmm is this you on the photo ?  
Check out my pics from my workplace.    
Nice new photos of me and my friends and stuff...  
ahh look this is my greatest picture made on vacation 2007, take a look
Check out my nice photo album. :D


French version:
hey regarde les tof de notre bande de fous. :p  
hey c'est toi dans ces tof!!???
hey regarde les tof, c'est moi et mes copains entrain de.... :D
j'ai fais pour toi cet album de photos tu dois le voire :p  
stp regarde cet album de photos je lai fais specialement pour toi et mes amis...
mes photos chaudes :D
t'as pas encore vu ces tof???  


Netherlands or Belgium version:
hey kijk eens naar mijn nieuwe foto album  
hey bekijk eens mijn nieuwe foto album  
hmm ben jij dit op de foto ?    
hey kijk ! dit is een lijst van mijn nieuwste fotos !!  
ahh kijk mijn mooiste foto album van vakantie 2007 bekijk ze eens :p    
kijk dit zijn fotos van mij werkplek! :)    
hmm ben jij dit op de foto ?


German version:
meine hei en Fotos ! :p


Italian version:
le mie foto calde :p
   

Spanish version:  
mis fotos calientes
mi fotografías :p
Mi amigo tomó las fotos agradables de mí :p
el lol mi hermana quisiera que le enviara este album de foto


The .zip file contains a file named "photo album-2007.scr"; its size is 52,736 bytes and its MD5 hash is ee3ed79ffb63344b6e50458b68a7814a.
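
A triage check built from the indicators in this post, as an added example (not CISRT's code): it inspects a zip attachment in memory and reports executable members whose name, size or MD5 match the values given above. The function names, extension list and size limit are assumptions, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# Indicators taken from the post above.
KNOWN_MD5 = "ee3ed79ffb63344b6e50458b68a7814a"
KNOWN_SIZE = 52736
KNOWN_MEMBER = "photo album-2007.scr"
# Assumption: extensions Windows runs directly; tune for your environment.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip hashing of oversized members


def triage_zip(data, known_md5=KNOWN_MD5):
    """Return one finding per executable member, without extracting to disk."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip: nothing to report
    with archive:
        for info in archive.infolist():
            name = info.filename.rsplit("/", 1)[-1].lower()
            if not name.endswith(EXECUTABLE_EXTS):
                continue
            finding = {"member": info.filename, "size": info.file_size,
                       "name_match": name == KNOWN_MEMBER,
                       "size_match": info.file_size == KNOWN_SIZE,
                       "md5": None, "hash_match": False}
            # Encrypted members (flag bit 0) cannot be read without a password.
            if info.file_size <= MAX_MEMBER_BYTES and not info.flag_bits & 0x1:
                finding["md5"] = hashlib.md5(archive.read(info)).hexdigest()
                finding["hash_match"] = finding["md5"] == known_md5.lower()
            findings.append(finding)
    return findings


def build_sample_zip(payload):
    """Constructed, harmless stand-in for the attachment (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("photo album-2007.scr", payload)
        z.writestr("readme.txt", b"constructed test file")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(b"\x00" * KNOWN_SIZE)
    for f in triage_zip(sample):
        print(f)
```

A name or size match without a hash match still deserves attention, since later variants reuse the lure with a different binary.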

Upon execution, it drops the following files:
%Windows%\myalbum2007.zip
%System%\sysprinters.dll


Alias:

W32/IRCBot-WV [Sophos]

Update 11:00 p.m., July 3, 2007:

Added a detailed description of this worm, written by our analyst Moonny: http://www.cisrt.org/bbs/viewthread.php?tid=1421



Last modified by smallmo on July 3, 2007 23:02

germanist Says :
March 2, 2008 11:31
false -> meine hei en Fotos ! :p

right -> meine heissen Fotos ! :p


from a German speaking guy

w~ Says :
August 2, 2007 13:29
new strand: Backdoor.Win32.IRCBot.acu

Daniel-Maylx Says :
July 6, 2007 00:21
Hi there,

It seems you are all having trouble with this virus. Uninstall Windows Live Messenger and run a simple antivirus program and scan your hard drive. Or use BitDefender.com's free online virus scan. It really works.

I myself have never had the virus but I do know people who HAVE had it. It's pretty nasty.

If you need any additional help just ask me.. My yahoo is gk67islands@yahoo.ca

Cheers,
Daniel

Alex Says :
July 5, 2007 17:42
I have this fucking virus... it likes cock!
FUCK I swear I've tried everything to delete this terrorising bitch

it just won't get lost. any ideas?

neo Says :
July 5, 2007 15:38
i had it too...

stupid thing...

format your computer and go work on linux ubuntu !~


lol

Angelique Says :
July 5, 2007 02:23
not bull shit.. I have that stupid virus... How do I get rid of it????

mohamed eisa Says :
July 4, 2007 16:03
pull shit