Haven't seen any mention of it here, so I thought I would post to make sure people are aware of it.

Taken from here

We received notice about fraudulent messages sent via ICQ and MSN Messenger,
urging users to visit various websites to download Windows patches. While these
websites resemble 'official' Microsoft sites, the patch is in fact a trojan
horse. If installed, the trojan horse will connect to an IRC server and
participate in a "botnet" which could be used to portscan or to launch DDOS
attacks.
We do recommend blocking access to the following IPs and sites used in this
scam:

200.152.5.119
212.78.206.150
209.126.216.36

Upon joining the IRC channel, the 'bots' are currently instructed to 27374 and
1243. The installed binary is 'scan.exe'. While scan.exe is not currently
detected as a virus, it will uncompress itself and extract several components
which are detected by virus scanners.

Just a reminder: there are likely variations of this basic scheme. Please do
NOT take these instructions too specifically. More generically, outbound IRC
traffic and outbound scans of ports 27374 and 1243 are always suspicious.
Keep it in mind for those of you who have a large number of less-savvy, but well intentioned users.

/nebulus
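
The generic check the advisory recommends (outbound IRC, outbound scans of ports 27374 and 1243, contact with the listed IPs), run over connection logs. This is an added example, not part of the original post or the advisory. The "src dst dport" log format, the 10.0.0.0/8 internal range, the IRC port range 6660-6669 and the scan threshold are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict

BLOCKED_IPS = {"200.152.5.119", "212.78.206.150", "209.126.216.36"}  # from the advisory
SCAN_PORTS = {27374, 1243}                                           # from the advisory
IRC_PORTS = set(range(6660, 6670))  # assumption: conventional IRC ports
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address space
SCAN_THRESHOLD = 3  # assumption: distinct targets per port before flagging

# Constructed sample log, "src dst dport" per line (hypothetical format).
SAMPLE_LOG = """\
10.1.1.20 200.152.5.119 6667
10.1.1.20 198.51.100.7 27374
10.1.1.20 198.51.100.8 27374
10.1.1.20 198.51.100.9 27374
10.1.1.31 203.0.113.5 80
10.1.1.42 203.0.113.9 6667
10.1.1.53 198.51.100.7 1243
203.0.113.77 10.1.1.20 27374
"""

def analyze(log_text):
    """Return {internal_src: sorted reasons} for hosts with suspicious outbound traffic."""
    reasons = defaultdict(set)
    scan_targets = defaultdict(set)  # (src, port) -> distinct destinations seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed lines instead of aborting the run
        src, dst, dport = parts[0], parts[1], int(parts[2])
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if s not in INTERNAL or d in INTERNAL:
            continue  # keep outbound traffic only
        if dst in BLOCKED_IPS:
            reasons[src].add("contact with advisory IP " + dst)
        if dport in IRC_PORTS:
            reasons[src].add("outbound IRC")
        if dport in SCAN_PORTS:
            scan_targets[(src, dport)].add(dst)
    for (src, port), dsts in scan_targets.items():
        if len(dsts) >= SCAN_THRESHOLD:  # one connection is not a scan
            reasons[src].add("outbound scan of port %d" % port)
    return {src: sorted(r) for src, r in reasons.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Because the port and threshold checks do not depend on the listed IPs, a variant of the scheme that uses different servers is still flagged.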