Not detected yet!?
While checking my email yesterday at Hotmail I got an email from a nicole smith. The email was an attachment of what appeared to be a valid jpg file: "nicole256.jpg". When I put my mouse on the image I noticed the link on the status bar was not to the "nicole256.jpg" file but instead to another site "hxxp://220.127.116.11/pics/nicole256.php". needless to say, it was a spoofed link to an "exe" file. I downloaded the file and scanned it with avp kav 7.0 with the very latest definitions and it found nothing. Nope, not even as suspicious. I have included 3 screenshots: what appeared as a suspicious string of the source code of the hotmail page and 2 screen captures of the scan from virus total, several scanners did register it as malware and a couple as suspicious. Is this a new technique/method of infecting? For a long time now, hotmail had always restricted almost all attachments but this one seemed to get by with no problem.
when i submitted the file at KAV site for a scan and it told me the file was
here is the direct link from rapidshare. no wait time or code to enter just click or right click and use save as. the exectuable in the rar file is a dos rar file so files inside can be extracted.
password is "infected"
copy & paste
this is for the executable file.