-
May 6th, 2003, 07:40 PM
#1
ICQ/MSN Messenger Fraud
Haven't seen any mention of it here, so I thought I would post to make sure people are aware of it.
Taken from here
We received notice about fraudulent messages sent via ICQ and MSN Messenger,
urging users to visit various websites to download Windows patches. While these
websites resemble 'official' Microsoft sites, the patch is in fact a trojan
horse. If installed, the trojan horse will connect to an IRC server and
participate in a "botnet" which could be used to portscan or to launch DDOS
attacks.
We do recommend blocking access to the following IPs and sites used in this
scam:
200.152.5.119
212.78.206.150
209.126.216.36
Upon joining the IRC channel, the 'bots' are currently instructed to 27374 and
1243. The installed binary is 'scan.exe'. While scan.exe is not currently
detected as a virus, it will uncompress itself and extract several components
which are detected by virus scanners.
Just a reminder: there are likely variations of this basic scheme. Please do
NOT take these instructions too specifically. More generic, outbound IRC traffic,
and outbound scans of port 27374 and 1243 are always suspicious.
Keep it in mind for those of you who have a large number of less-savvy, but well intentioned users.
/nebulus
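Added example, not part of the original thread or the quoted advisory: a small check that applies the advisory's generic rule (outbound IRC traffic and outbound connections to ports 27374 and 1243 are suspicious) to connection logs. The log format, the 10.x internal prefix, IRC port 6667 and the function name are assumptions made for illustration; the sample lines are constructed.

```python
import re
from collections import defaultdict

SCAN_PORTS = {27374, 1243}   # ports named in the advisory
IRC_PORTS = {6667}           # assumption: the advisory does not name the IRC port
INTERNAL = "10."             # assumption: prefix of internal addresses

# Constructed sample log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2003-05-06T19:40:01 TCP 10.0.0.15:1042 -> 192.0.2.10:6667
2003-05-06T19:40:05 TCP 10.0.0.15:1050 -> 198.51.100.1:27374
2003-05-06T19:40:05 TCP 10.0.0.15:1051 -> 198.51.100.2:27374
2003-05-06T19:40:06 TCP 10.0.0.15:1052 -> 198.51.100.3:1243
2003-05-06T19:41:00 TCP 10.0.0.22:2001 -> 203.0.113.5:80
2003-05-06T19:41:30 TCP 10.0.0.31:2100 -> 192.0.2.10:6667
2003-05-06T19:42:00 TCP 203.0.113.9:4000 -> 10.0.0.22:27374
"""

LINE_RE = re.compile(
    r"^\S+ TCP (\d+(?:\.\d+){3}):\d+ -> (\d+(?:\.\d+){3}):(\d+)$")

def suspicious_hosts(log_text):
    """Return {internal_host: {"irc": bool, "scan_targets": int}}."""
    irc_hosts = set()
    scan_targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        # Only outbound traffic: internal source, external destination.
        if not src.startswith(INTERNAL) or dst.startswith(INTERNAL):
            continue
        if dport in IRC_PORTS:
            irc_hosts.add(src)
        elif dport in SCAN_PORTS:
            scan_targets[src].add((dst, dport))
    flagged = {}
    for host in sorted(irc_hosts | set(scan_targets)):
        flagged[host] = {"irc": host in irc_hosts,
                         "scan_targets": len(scan_targets.get(host, ()))}
    return flagged

if __name__ == "__main__":
    for host, info in suspicious_hosts(SAMPLE_LOG).items():
        print(host, info)
```

A host that shows both outbound IRC and several distinct targets on the two ports matches the behaviour the advisory describes; IRC alone only warrants a closer look.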
-
May 6th, 2003, 07:56 PM
#2
Oh man, lamers never change. I remember back 3 years ago when I first got a computer there were all kinds of trojans and **** for ICQ, it's sad. I mean it's cool people found a way to get a trojan out of ICQ but I mean damn, lol this doesn't seem anything more than a social engineer attempt from someone who doesn't actually have the skills you need to be good at it.
-
May 6th, 2003, 07:58 PM
#3
Hmm, the mentioned ports are the default ports for sub7....... Sub 7 is known to communicate with irc bots, telling the owner when an infected victim goes online. In addition to the irc, notifications can be made via messenger, email, and some versions of ICQ. My advice is to NOT download anything, if the links are provided in a chatroom, a form of messenger, or from an email where you are not 100% sure of the sender's source or identity. Sub7 is only one of the trojans that can notify/act this way. There are many other trojans, that act very similar. For now till more information is provided about this thread, I recommend getting the cleaner from www.moosoft.com, as well as updating your antivirus scanners.
Cheers.
-
May 6th, 2003, 08:39 PM
#4
Keep it in mind for those of you who have a large number of less-savvy, but well intentioned users.
All the more reason to prohibit the use of IM, java chat and IRC services in the workplace...
Muhahaa Muhahaa Muhahaa
I guess the home users would be more vulnerable to this type of social engineering.
Ah well... I'll send out an e-mail to everyone anyway.
-
May 7th, 2003, 10:16 PM
#5
Sub7 and BackOrifice, and other similar trojans really piss me off... it's the easy way in, and, as phish said, makes it easy for the social engineer to get what he/she wants.