Getting Trojan Attacked In OB4DL


Rukas

Capo Dei Capi
Staff member
#2
This has been discussed to death: there are no viruses in any of the pop-ups, and even if there were, they'd ask you if you want to install the file and you'd need to click yes.

No web page of any sort can automatically install an .EXE file on your computer, you have to accept the download.

No other members have said they have this problem apart from Tupac Tha Great, and even he at one stage admitted he has trojans from other sites and not shit one.

That screenshot provides no evidence of where the virus came from.
 


Rukas

Capo Dei Capi
Staff member
#4
I would just like to point out that Zimbabwe isn't really involved with this, Tupac Tha Great asked him to post it.

Anyway, I did something that TTP apparently found too difficult, instead opting to blame StreetHop for the virus: I did some research.

The screenshot says that the virus is downloader-b.

http://www.sss.ca/sensible/home.nsf/0/41f9556769b1808b85256b3b0064e96f?OpenDocument

Virus Characteristics

The trojan arrives as an email attachment named SCENES.ZIP.

The .ZIP file contains the file SCENES.WRI, which is a Wordpad document. This document contains two embedded objects - SCENES1.JPG and SCENE2.JPG. The object named SCENE2.JPG is an embedded image named "Copy of IMG_0017.jpg".

The second object named SCENES1.JPG is actually an embedded executable named "Copy of RESULT.EXE". When opened, it executes the "Copy of RESULT.EXE" executable. Upon execution, the trojan unpacks several files into the Windows\temp folder, and then displays a JPEG using the default viewer, while it launches the mass-mailing script. It may also attempt to launch two other malicious programs.

The unpacked files are randomly named, and consist of the following:

- a Visual Basic Script file for the mass-mailing routine
- a remote access server component
- the trojan Downloader-b which attempts to download another backdoor trojan

The VBS file attempts to use MAPI to mail itself to all addresses in the Windows Address Book. The emails which it generates will have the following characteristics:

Subject: "Scene from last weekend."
Body: "Please do not forward!!!"
Attachment: SCENES.ZIP

The files dropped by the trojan are detected by current anti-virus software as:

- VBS/Generic@mm (NAI) or VBS.VBSWG.gen (Symantec)
- Downloader-b (NAI) or Downloader.Trojan (Symantec)
- Backdoor.RS (NAI) or Backdoor.Trojan (Symantec)


Payload

Mails itself out to all addresses found in the Outlook Address Book. It drops at least two remote access trojans.

Due to the amount of user interaction required to launch the malicious code, this threat is not likely to cause mass mailing on a large scale.


Preventative Measures

Block all messages at the messaging gateway with the following characteristics:

Subject: Scene from last weekend.
Body: Please do not forward!!!
Attachment: SCENES.ZIP

As you can see it's an EMAIL virus, and has NOTHING to do with StreetHop.com or any of our advertisers.

SO STOP WITH THE THREADS ALREADY, It's your problem and you need to deal with it, we are not responsible for your email account or your computer.
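The "Preventative Measures" section quoted above gives three gateway indicators (subject, body, attachment name). The script below is an added example, not code from the thread or from the vendor page it quotes: it shows how a mail gateway could apply those indicators with Python's standard `email` module. It goes a step beyond the quoted rule by also opening any ZIP attachment and checking for the SCENES.WRI member the write-up describes, so a renamed archive is still caught. The `should_block()` threshold, the sample messages and the addresses used in them are all constructed for this example.

```python
"""Mail-gateway check for the SCENES.ZIP trojan described in the thread.

Added example, not code from the thread or from the AV vendor page it quotes.
It assumes a gateway that hands each message to should_block() as raw
RFC 822 bytes; the sample messages built below are constructed for the demo.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators quoted from the "Preventative Measures" section of the thread.
BLOCK_SUBJECT = "scene from last weekend."
BLOCK_BODY = "please do not forward!!!"
BLOCK_ATTACHMENT = "scenes.zip"
# File the write-up says is inside the archive (a WordPad document).
SUSPECT_MEMBER = "scenes.wri"


def _norm(s):
    """Collapse whitespace and lower-case so trivial edits don't evade the match."""
    return " ".join((s or "").split()).strip().lower()


def matching_indicators(raw):
    """Return the list of indicators a raw message matches.

    Parses the message with the stdlib email package, compares the subject
    and text body after whitespace/case normalisation, then walks every
    attachment: a filename match counts, and so does a ZIP whose listing
    contains SCENES.WRI even when the archive itself was renamed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if _norm(msg.get("Subject")) == BLOCK_SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and _norm(body.get_content()) == BLOCK_BODY:
        hits.append("body")
    for part in msg.iter_attachments():
        if _norm(part.get_filename()) == BLOCK_ATTACHMENT:
            hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK":  # ZIP local-file-header magic
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = {_norm(n) for n in zf.namelist()}
            except zipfile.BadZipFile:
                members = set()
            if SUSPECT_MEMBER in members:
                hits.append("zip-contains-scenes.wri")
    return hits


def should_block(raw):
    """Gateway decision (constructed policy): block on two or more indicators.

    Requiring two avoids bouncing an innocent mail that merely reuses the
    subject line; the attachment indicators are the strong ones."""
    return len(matching_indicators(raw)) >= 2


def build_sample(subject, body, attach_name=None, zip_member=None):
    """Construct a test message (constructed data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach_name:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Placeholder bytes stand in for the document; only the name matters here.
            zf.writestr(zip_member or "readme.txt", b"placeholder bytes")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename=attach_name)
    return msg.as_bytes()


if __name__ == "__main__":
    worm = build_sample("Scene from last weekend.", "Please do not forward!!!",
                        "SCENES.ZIP", "SCENES.WRI")
    print(matching_indicators(worm), should_block(worm))
```

Matching on the exact subject and body alone is brittle, which is why the example treats the attachment checks as the decisive ones and inspects the archive listing rather than trusting the filename.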
 
