
Swine Flu on ICQ
Another virus that spreads over the ICQ network has appeared on the RuNet. It is apparently called H1N1.
The virus is distinguished by its intelligence: it even tries to talk to people (it answers the simplest questions).
Two logs and a profile screenshot under the cut.
UPD. When you open the file, the “pig” changes your ICQ password and starts sending itself on your behalf.
UPD2. Whoever is downvoting, please explain why.
UPD3. If you picked it up, it’s easy to escape: password recovery via icq.com works (unless, of course, the UIN is tied to an e-mail).
UPD4. Well, spit yourself. I won’t warn anymore - there’s not enough karma for everyone.
UPD5. itspomaI deduced an algorithm on how to decrypt my password back: habrahabr.ru/blogs/infosecurity/81172 The topic helped to see, after all.
Here is the log of two conversations with different contacts:
first:
*** (17:37:09 01/18/2010)
Direct link to download the file Piggy.zip
easyload.ru/download/?25596 (1.95 mb)
[- File sent via EasyLoad service. More information on the website: easyload.ru -]
Private Detective (18:14:18 01/18/2010)
spam
*** (18:14:26 01/18/2010)
this is not spam, I am sending it to o_O
Private Detective (18:14:33 01/18/2010)
what is this?
*** (18:14:41 01/18/2010)
flash drive about a pig) look)))
second:
*** (18:10:15 01/18/2010)
Direct link to download the file Piggy.zip
easyload.ru/download/?25596 (1.95 mb)
[- File sent via the EasyLoad service. More information on the website: easyload.ru -]
Private Detective (18:11:07 01/18/2010)
what is this?
*** (18:11:15 01/18/2010)
flash drive about a pig) look)))
Private Detective (18:11:30 01/18/2010)
spam)
*** (18:11:39 01/18/2010)
this is not spam, I'm sending o_O
Private Detective (18:11:57 01/18/2010)
who am I? o_O
The profile of the virus is displayed like this:

