February 15, 2007 at 13:50Please pliz my new site - www.counter-pr.info
Over the past month, I received a message of the following content from several of my ICQ contacts: “ Please evaluate my new site - www.counter-pr.info ”. And all, the contact immediately disappears from the online. Attempts to ask a question, but what it was about, did not bring success - the contacts were silent. Interested in this phenomenon, I decided to google it . The results are more than interesting ...
Firstly, as it turned out, this is a trojan that, when entering the site, asks for the downloader, which, in turn, downloads the second downloader with the trojan. This worm begins to send messages to your contacts from ICQ with offers to visit their site. The calculation is just completely true: for sure, many will follow the link that a friend sends you. The result is another infected computer that starts sending messages.
Secondly, Viruslist reports the following thing:
In general, citizens, the conclusion is the most standard and painfully familiar: we do not open links from obscure sites, even from friends.
UPD: at www.weaponplace.ru/forum/showthread.php?s=40602ca4b72b8017647f233eb7b5a36d&t=984&goto=nextnewest found excellent info on how to get rid of this muck.
Firstly, as it turned out, this is a trojan that, when entering the site, asks for the downloader, which, in turn, downloads the second downloader with the trojan. This worm begins to send messages to your contacts from ICQ with offers to visit their site. The calculation is just completely true: for sure, many will follow the link that a friend sends you. The result is another infected computer that starts sending messages.
Secondly, Viruslist reports the following thing:
Yesterday, one of the users of Kaspersky Anti-Virus received a signal about incomprehensible browser actions when browsing www.5757.ru : the second page spontaneously opened, and the web antivirus showed a warning about downloading the Trojan. The user went to this site after seeing an advertisement on television.
In the process of analyzing the page, it turned out that the user almost became a victim of an attack by attackers. The Trojan-Downloader.JS.Psyme.ct Trojan download script was embedded in the main page of the site , which in turn tried to download and run the Trojan-Downloader.Win32.Tiny.eo program . Another Trojan is currently downloading from the site:
Further research has shown that in addition to the sitewww.5757.ru at least 470 servers were subjected to a hacker attack (the result of a request to Google on a line from an embedded script). One thing was common for these servers: all of them were located on the site of the hosting provider Valuehost.
In general, citizens, the conclusion is the most standard and painfully familiar: we do not open links from obscure sites, even from friends.
UPD: at www.weaponplace.ru/forum/showthread.php?s=40602ca4b72b8017647f233eb7b5a36d&t=984&goto=nextnewest found excellent info on how to get rid of this muck.