#1319 08/22/05 05:19 AM
Joined: Mar 2002
Posts: 1,041
UGN Elite Poster
Anyone seen this kind of behavior before? I got a contact who keeps spamming me with this:

***WARNING*** Do not run the file that the link points at.

Quote:
((23:26:09) if you swear, you'll catch no fish: LMAO! you've got to see this! http://www.warezddls.com/download.php?type=movies&id=446
It points to a file called 45265.exe and when I scan it with NAV it comes back clean. I seriously doubt that assessment though.

Anyone encountered this? Any idea what I'm looking at here?

#1320 08/22/05 07:07 AM
Joined: Oct 2003
Posts: 1,449
UGN Elite Poster
I have yet to see that...

#1321 08/22/05 07:29 AM
Joined: Nov 2003
Posts: 478
UGN Member
I had a mate who had a similar problem on his MSN. His MSN had been hijacked and a virus was sending similar messages to his contacts telling them to download a file (virus). He said he didn't know it was doing it until people started complaining he was sending them viruses.
I did a Google search for the exe and didn't find anything at all.


#1322 08/22/05 07:34 AM
Joined: Mar 2002
Posts: 1,041
UGN Elite Poster
Yeh, I did the same search. After it turned back nothing I started asking ;)

After searching for the last hour it looks like this one is brand new. Found some references that are identical to what I saw, but nothing much older than 24 hours.

So there you go people. You heard it here first. New MSN virus out there. Keep your eyes open.

This UGN Security Advisory brought to you by the folks at UGN Security :D

#1323 08/22/05 01:08 PM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
I do not use MSmsger because I try to minimize the Microsoft products I need to use. If you ask me, you are asking for it using Messenger.

#1324 08/22/05 03:03 PM
Joined: Oct 2003
Posts: 1,449
UGN Elite Poster
I have 2 friends who ONLY use MSN, so if I never want to hear from them then I have to use it, which sucks cause MSN doesn't seem to like my web cam so those 2 friends don't get to see the baby live...

#1325 08/23/05 02:15 PM
Joined: Nov 2003
Posts: 478
UGN Member
I only have MSN but am thinking of downloading trinity cause some of my friends do have AOL.

Still no info on the virus?


#1326 08/24/05 02:52 AM
Joined: Nov 2003
Posts: 478
UGN Member
Note: I just realised that I said trinity, it should read trillian.


#1327 08/24/05 03:36 AM
Joined: Jun 2005
Posts: 4
J-k
Junior Member
I've heard from a friend that it's not hard to delete...

#1328 08/24/05 05:17 AM
Joined: Jun 2005
Posts: 4
Junior Member
I helped a friend clean that from his system. I'm not a whiz at computers, but I do know more than the novice would know. Any novice would be caught by this, but the more experienced among us will be able to clean this out with no trouble.

The computer that tried to infect me, and some friends over MSN, is known to go by the name "Afroman" e-mail: [email protected]

If someone like that adds you, delete and block.

#1329 08/25/05 07:14 AM
Joined: Mar 2002
Posts: 1,041
UGN Elite Poster
Quote:
Originally posted by §intå×:
I do not use MSmsger because I try to minimize the microsoft products I need to use. If you ask me you are asking for it using messenger.

You know you're talking to the guy who DOES NOT have windows installed on anything he owns right? Linux/Gaim over here :p I'm just looking out for those less fortunate than me who actually use the real MSN client ;)

Incidentally, I've seen a few news reports and advisories on this now. How about that folks; UGN was prolly the first on the net to issue an advisory on this badboy. Yay us!!! :p

EDIT:

WOOHOO!!! This post is on the FIRST page of results when searching for the name of the file:

http://www.google.com/search?q=45265.exe&start=....mozilla:en-US:unofficial

The other day when I posted this it came back with no results.

I says goddamn!

Second Edit:

kk, looks like this might be our boy:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tixanbot.html

Says discovered Aug 22 (notice my Aug 21 post :p )

I LOVE BEING BETTER THAN NORTON! uNF

#1330 08/25/05 06:19 PM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
I dub this "w32.l33terthanyuo.worm" :nod:


UGN Security, Back of the Web, and VNC Web Services Owner
