New Twitter worm
Today while I was on Twitter I found a suspicious link to an exe file, which said something like:
"Kristen Stewart from twilight new moon Nude pics! http://www.mediafire.com/?m…"
I downloaded it and checked it on VirusTotal; there were 2 detections. Then I installed it in my virtual machine.
It is installing lots of legitimate files.
I think the dotnet framework is needed for this malware to work, because it was downloading the dotnet framework, and after the installation of the dotnet framework one new process came up, named alg.exe.
I have included 3 links to the downloaded malware. Can anybody analyze it and tell me what it does?
I have reported it on my website.
The links are:
alg - http://www.offensivecomputing.net/?q=ocsearch&ocq=2dba3c3d70b8bcc0356e58c971243ac0
Kristen_Stewart.exe - http://www.offensivecomputing.net/?q=ocsearch&ocq=0b10fba0977c9b04e2dcb9f63fca8e93
irsetup.exe - http://www.offensivecomputing.net/?q=ocsearch&ocq=76da2c7c124183acf74251db2a336a79
Of these, Kristen_Stewart.exe is the malware that was available through the Twitter link.