Code: Select all
[22:12:24] <censored-> ownage! htxxxxxtp://members.chello.nl/h.keuth/w00t!.pif :D
[22:12:28] <censored-> nice! htxxxxxxxxxxxxtp://members.chello.nl/a.sinnema1/sexy-bitch.pif :P
[md5 of file (both identical): e43f7b7e202ab30f6744f6a13f9ce325]
At the time of writing, both sites are up and the virus (file) is not recognized by my f-secure antivirus.
virustotal.com results:
Code: Select all
Antivirus Version Update Result
AntiVir 6.29.0.16 02.21.2005 no virus found
AVG 718 02.21.2005 no virus found
BitDefender 7.0 02.21.2005 no virus found
ClamAV devel-20050130 02.22.2005 Worm.Bropia.N
DrWeb 4.32b 02.21.2005 Trojan.MulDrop.1673
eTrust-Iris 7.1.194.0 02.21.2005 no virus found
eTrust-Vet 11.7.0.0 02.21.2005 no virus found
Fortinet 2.51 02.22.2005 no virus found
F-Prot 3.16a 02.21.2005 no virus found
Ikarus 2.32 02.21.2005 no virus found
Kaspersky 4.0.2.24 02.21.2005 IM-Worm.Win32.Bropia.j
NOD32v2 1.1005 02.21.2005 probably unknown NewHeur_PE virus
Norman 5.70.10 02.21.2005 no virus found
Panda 8.02.00 02.21.2005 no virus found
Sybari 7.5.1314 02.21.2005 no virus found
Symantec 8.0 02.21.2005 no virus found
They look similar to what I've seen, but then again... all these things look similar anyway ;).
There could be plenty of other variant msgs/urls, he already left so I couldn't ask :P.