[Dshield] New IM Virus?

Scott lists at sabsec.com
Mon Oct 17 03:18:07 GMT 2005


Has anyone seen an AIM IM containing the URL
hxxp://FullPictures.my-net-space.net/show.php?sec=jxxx&num=xxx
in it? VirusTotal doesn't know what it is, but in the strings, I see the
below, which leads me to believe it's nasty...

Application cannot be run with debugger or monitoring tool(s) loaded!
            Please unload it and restart the application.
KERNEL32.DLL
USER32.DLL
SHELL32.DLL
_lopen
ExitProcess
MessageBoxA
ShellExecuteA
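
The triage reasoning in the post (an anti-debugger notice plus a handful of imports that include ShellExecuteA), as an added example that is not part of the original message: a Python script that extracts printable strings from a byte blob and flags those indicators. The sample bytes, the function names and the import-count threshold are constructed assumptions.

```python
import re

# Constructed sample bytes (not the real file): an anti-debugger notice,
# some unreadable filler, then a short import list like the one in the post.
SAMPLE = (
    b"\x00\x01Application cannot be run with debugger or monitoring tool(s) loaded!\x00"
    b"\x90\x8bQz7#k\x00\xffw9$Lp\x00\x03"
    b"KERNEL32.DLL\x00USER32.DLL\x00SHELL32.DLL\x00"
    b"_lopen\x00ExitProcess\x00MessageBoxA\x00ShellExecuteA\x00"
)

ANTI_DEBUG = re.compile(r"debugger|monitoring tool", re.I)
IDENT = re.compile(r"_?[A-Za-z][A-Za-z0-9_]{3,}")
SMALL_IMPORTS = 8  # assumed threshold for "suspiciously few imports"

def extract_strings(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage(strings):
    """Return (findings, dlls, apis) for a list of extracted strings."""
    dlls = [s for s in strings if s.upper().endswith(".DLL")]
    # Treat identifier-like strings after the first DLL name as import names.
    start = strings.index(dlls[0]) if dlls else len(strings)
    apis = [s for s in strings[start:] if IDENT.fullmatch(s)]
    findings = []
    if any(ANTI_DEBUG.search(s) for s in strings):
        findings.append("anti-debugger notice")
    if "ShellExecuteA" in apis:
        findings.append("imports ShellExecuteA (can open programs or URLs)")
    if dlls and len(apis) <= SMALL_IMPORTS:
        findings.append("very small import list (common for packed files)")
    return findings, dlls, apis

if __name__ == "__main__":
    findings, dlls, apis = triage(extract_strings(SAMPLE))
    print("DLLs:", dlls)
    print("APIs:", apis)
    for f in findings:
        print("flag:", f)
```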

