Another MSN thing?

Yet another MSN worm here:

MD5: c0fc8d049547722059bedc9893f6bfd3

received in message:
is that u? :o http://tuspics.tu.funpic.org/index.php?pic2038.jpg

Nice that it looks like a jpg extension to the inexperienced user; it would fool many people, now that we've been teaching them to only click on gif (NOT pif!), jpg etc etc :p

anyway.. usual stuff, downloads a shitload of backdoors, adware, and sends the link to everyone on the messenger contact list :)

//Drean
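The link-disguise trick in the message above, as an added example that is not the poster's code: a small Python check that separates what a reader sees at the end of a URL from what the server path actually names. The first input is the URL quoted in the post; the second and third are constructed, and the third goes one step beyond the post by covering the case where the image-looking name sits in a query parameter. The list of server-side script extensions is an assumption.

```python
from urllib.parse import urlsplit
import posixpath

IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}
# Assumed list of server-side script extensions; extend as needed.
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".cgi", ".pl", ".jsp"}


def classify_link(url):
    """Compare the extension a reader sees at the end of a link with the
    extension of the resource the server path actually names."""
    parts = urlsplit(url)
    path_ext = posixpath.splitext(parts.path)[1].lower()

    # What someone skimming the link notices: the last token after the final
    # '/', '?', '=' or '&'. For index.php?pic2038.jpg that is "pic2038.jpg".
    tail = url.rsplit("/", 1)[-1]
    for sep in ("?", "=", "&"):
        tail = tail.rsplit(sep, 1)[-1]
    shown_ext = posixpath.splitext(tail)[1].lower()

    return {
        "path_ext": path_ext,
        "shown_ext": shown_ext,
        # Looks like an image, but the path names something else (or nothing).
        "deceptive": shown_ext in IMAGE_EXTS and path_ext != shown_ext,
        # The path is a server-side script, so the response is whatever it
        # decides to send, regardless of what the query string looks like.
        "server_script": path_ext in SCRIPT_EXTS,
    }


if __name__ == "__main__":
    for u in (
        "http://tuspics.tu.funpic.org/index.php?pic2038.jpg",  # from the post
        "http://example.invalid/images/photo.jpg",            # constructed, benign
        "http://example.invalid/view?id=12&file=cat.gif",     # constructed, query variant
    ):
        print(u, classify_link(u))
```

The check is deliberately narrow: it only says "what you see is not what the path names", which is the property a link filter or a user-facing warning can act on without fetching anything.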

sample

Can you add an attachment/sample? The link's dead and searching by md5 checksum isn't working either.

Thanks

That was quick....

..that they removed the malware from the website.

I had some problems uploading the sample yesterday; if I search for the md5 I find the 3 entries, but the download link is dead :/

Anyway...malware attached to the post :)

Quick indeed!

I'll say - a LOT quicker than I manage to get some sites shut down (if at all!).

Anyway, thanks very much for posting the sample :)

The entry is now in the

The entry is now in the database too. There was a slight problem that is fixed now, so I'm removing the attachment.

some more analysis

Found this string:

C\Projects\My.SRC\Teggo\MoleBox\molebox2\bootup\mbx_DLL.cpp

If you look at this page;

http://www.molebox.com/download.shtml

you can see it's an interesting binder/packer type tool.

There's also a couple of URLs:

000086C8 004086C8 0 www.act2photos.com
000086DC 004086DC 0 soundofcash.com

0012F82C 00A24988 ASCII "msnmsgr.exe"

Accesses

0012DAD4 00145AB8 ASCII "\\system32\\mswsock.dll"

Connects out to 69.64.39.103
OrgName: Server4You Inc.
OrgID: SERVE-6
Address: 710 North Tucker Blvd
Address: Suite 610
City: St. Louis
StateProv: MO
PostalCode: 63101
Country: US
RAbuseHandle: SWI19-ARIN
RAbuseName: Wintz, Sascha
RAbusePhone: +1-866-342-5749
RAbuseEmail: sw@server4you.net

And gets:

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-icq, */*
Accept-Language: nl
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {E47477B2-FC9A-329B-ACBB-2984B5523292})
Host: soundofcash.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Length: 33091
Content-Type: text/html
Content-Location: http://soundofcash.com/Index.html
Last-Modified: Tue, 19 Dec 2006 00:55:54 GMT
Accept-Ranges: bytes
ETag: "34168b6f823c71:410"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 30 Dec 2006 02:46:33 GMT

lt??;>3;938>3658??For more information u can contact us @ onlinesexpics@gmail.com
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Sexpics.info - Sexpics.info</title>
<!-- -->
<style type="text/css">
[... the remainder of the response body is the parked page's stylesheet, which pulls its images from http://images.bmnq.com/tplg/39/; it is truncated in the original post ...]
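Turning the strings and the captured request above into something a defender can check, as an added example that is not part of the original post or the poster's tooling: the byte blob below is a constructed stand-in for a strings dump of the sample, built only from the markers quoted in the post, and the request text is the one captured in the post. The marker list, the small set of accepted top-level domains and the minimum string length are assumptions. The GUID embedded in the User-Agent is the kind of per-infection token that makes a proxy log entry easy to spot.

```python
import re

# Constructed stand-in for a strings dump of the sample: the markers quoted in
# the post, separated by NUL bytes the way they would sit in the unpacked binary.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00"
    b"C\\Projects\\My.SRC\\Teggo\\MoleBox\\molebox2\\bootup\\mbx_DLL.cpp\x00"
    b"www.act2photos.com\x00soundofcash.com\x00"
    b"msnmsgr.exe\x00\\system32\\mswsock.dll\x00"
)

# The request captured in the post, as raw header text.
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Accept: image/gif, image/x-xbitmap, image/jpeg, */*\r\n"
    "Accept-Language: nl\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; "
    "{E47477B2-FC9A-329B-ACBB-2984B5523292})\r\n"
    "Host: soundofcash.com\r\n"
    "Connection: Keep-Alive\r\n\r\n"
)

# Assumed markers for the packer named in the post's path string.
PACKER_MARKERS = (b"MoleBox", b"mbx_DLL.cpp")
# Assumed: only a handful of TLDs, so source paths like My.SRC or file names
# like msnmsgr.exe are not mistaken for hostnames.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|info)\b", re.I)
BINARY_RE = re.compile(r"\.(?:exe|dll)$", re.I)
GUID_RE = re.compile(r"\{([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}", re.I)


def ascii_strings(blob, min_len=6):
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pat = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pat, blob)]


def find_indicators(blob):
    """Packer marker, embedded hostnames and referenced binaries, in file order."""
    hosts, binaries = [], []
    for s in ascii_strings(blob):
        hosts.extend(HOST_RE.findall(s))
        if BINARY_RE.search(s):
            binaries.append(s)
    return {
        "packer_marker": any(m in blob for m in PACKER_MARKERS),
        "hosts": hosts,
        "binary_refs": binaries,
    }


def guid_in_user_agent(raw_request):
    """Return the GUID carried in the User-Agent header, or None if absent."""
    for line in raw_request.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            m = GUID_RE.search(value)
            return m.group(1) if m else None
    return None


if __name__ == "__main__":
    print(find_indicators(SAMPLE_BLOB))
    print(guid_in_user_agent(SAMPLE_REQUEST))
```

The hostnames and the User-Agent token are the two pieces worth feeding into proxy or DNS log searches; the packer marker is only a hint that the binary needs unpacking before its real strings show up.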