broyds at rogers.com
Wed Nov 19 03:24:59 GMT 2003
The actual page that installs the adware is at
http://public.searchbarcash.com/prompt.php (do not click on this!!!!)
From: Phillip G Deneault [mailto:deneault at WPI.EDU]
Sent: November 18, 2003 6:33 PM
To: intrusions at incidents.org
Cc: unisog at sans.org
Subject: Unknown/Unidentified trojan?
I got this from a student today. Anyone seen this before?
A site that this links to...
claims that its just adware. Anyone want to take it apart to see if its
anything else? :-)
This is the fourth time in two weeks I've heard of or had to clean viruses
off of people's machines because they clicked on some program from a AOL
My parent's e-mailed me this morning to report that they have a virus on
their computer and they said my sister got it by clicking on a link in a
friend's profile in AOL Instant Messenger. Apparently it created a ton of
porn links and other things on the desktop and installed some adware on
system. One of my roomate's got something similar a few days ago, but we
can't remember how we cleared it out, and I can't find the name of the
anywhere based on the information I have.
I found the link that she used to get this, which points to this:
http://www.talkstocks.net The site makes a continuous attempt to push a
program "b.exe" on to the user's system.
Phil Deneault "We work in the dark, We do what we can,
deneault at wpi.edu We give what we have. Our doubt is our passion,
WPI NetOps and our passion is our task. The rest is the
InfoSec madness of art." - Henry James
More information about the unisog