Trend Micro TrendLabs Malware Blog

    Following the sudden and shocking death of The King of Pop, Senior Threat Researcher Loucif Kharouni reports that a slew of malicious links related to Michael Jackson’s last moments in the hospital before his death are now being proliferated in the wild via the instant messaging (IM) application, MSN. Below is a sample screenshot of an MSN IM window containing various templates of the said malicious links:

    Screenshot

    When recipients of such messages click on any of these links, they are prompted to save a file named PIC-IMG029-www.hi5.com.exe (with an MD5 checksum of 031429fc14151f94c8651a3fb110c19b), instead of being led to an image site or gallery. Initial analysis shows that the said file is a variant of the SDBOT family.
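    A triage check for the lure described above, as an added example that is not Trend Micro's detection logic: it flags download names that look like an image or a web address but end in an executable extension, and compares content against the MD5 quoted in the post. The extension list, the name patterns and the function name are assumptions chosen for illustration.

```python
import hashlib
import re

# MD5 quoted in the post for PIC-IMG029-www.hi5.com.exe
KNOWN_MD5 = frozenset({"031429fc14151f94c8651a3fb110c19b"})

# Assumed list of extensions Windows will execute on double-click
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}

# Image-style token such as PIC, IMG029 or photo, delimited by - _ .
IMAGE_HINT = re.compile(
    r"(?:^|[-_.])(?:pic|img|image|photo|dsc)\d*(?=[-_.]|$)", re.I)

# Domain-like token inside the name, e.g. www.hi5.com
DOMAIN_HINT = re.compile(
    r"(?:^|[-_])(?:www\.)?[a-z0-9-]+\.(?:com|net|org)(?=[-_.]|$)", re.I)


def classify_download(filename, content=None, known_md5=KNOWN_MD5):
    """Return the reasons a download resembles this lure (empty list = no hit)."""
    reasons = []
    stem, _, ext = filename.rpartition(".")
    # Name heuristics only apply when the real extension is executable
    if stem and ext.lower() in EXECUTABLE_EXT:
        if IMAGE_HINT.search(stem):
            reasons.append("image-style name with executable extension")
        if DOMAIN_HINT.search(stem):
            reasons.append("domain embedded before executable extension")
    # Hash match is independent of the name, since files get renamed
    if content is not None and hashlib.md5(content).hexdigest() in known_md5:
        reasons.append("MD5 matches known sample")
    return reasons


if __name__ == "__main__":
    # Constructed sample names; only the first one comes from the post
    for name in ["PIC-IMG029-www.hi5.com.exe", "IMG_0412.scr",
                 "holiday-photo.jpg", "setup.exe"]:
        print(name, "->", classify_download(name) or "no hit")
```

    The name heuristics are deliberately narrow, so a plain `setup.exe` is not flagged; the hash check only catches the exact sample named in the post.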

    More updates shortly. Stay tuned.

    Update as of 27 June 2009

    The botnet is said to push the templated messages over IRC to the client, which then spams them. Below is a sample screenshot of the botnet’s activity:

    Screenshot

    The malware responsible for this is detected as WORM_IRCBOT.GAT. It opens a certain port on the affected system, then listens for remote commands. Kharouni reports that commands to download certain files are received and executed by the affected system, ultimately leading to the download of a PUSHDO variant. PUSHDO is a botnet responsible for a huge amount of spam activity. More information on PUSHDO can be found here:

    A whitepaper presenting Trend Micro analysts' research findings on PUSHDO/CUTWAIL is also available and can be downloaded here.

    Trend Micro clients can rest assured that all URLs are already blocked through the Smart Protection Network.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice