Another breed of msn viruses is out in the wild.
This time it links to facebook-photo.org / image.php?=PIC…..JPG?
which is a Windows type .exe file when you download the link.
I sent the file to Virustotal for analysis, seems like a lot of virus scanners don’t recognize it just yet: Result: 7/42 (16.67%)
McAfee says “Artemis!AC20BF7EE912″, F-Secure identifies it as “Trojan:W32/Agent.NRY”.
Whatever this nasty bugger does, DO NOT CLICK ON THE LINKS you get from your friends on MSN. And don’t be so stupid to actually install the .exe…
Since this file most certainly has no good intentions, the scan result SHOULD show lots more warnings… but it’s frightening that there aren’t more of them. But maybe some info will emerge in the next few days.
I know for sure Microsoft already blocks certain types of links or messages on their MSN network. I wonder if they have an infrastructure to block virus links like this? I assume it’s easy for them to blacklist a few keywords or text patterns and disable sending them via the MSN protocol. Yet, I’ve received numerous messages from my contacts during the course of the day containing this virus/trojan link.
It’s not even a holiday, what’s taking them (MSN and the virus scanner vendors) so long to fix this? Yes, I expect problems like this to be corrected in a few hours or even minutes, not 20 hours and counting! They are failing their duties.
Whois is Facebook-photo.org?
http://www.aawhois.com/facebook-photo.org
Bunbury
6230
AU
IP address: 98.124.198.1
Location: Bellevue, WA, UNITED STATES
Updated virus analysis
http://www.virustotal.com/analisis/73b2968c737adf5ba9c2fc828c9880160416302668413544adc7d00308f20b71-1268409452
Much better now: “Result: 26/42 (61.91%)” gives a good indication this file is malicious.