Could be a local trojan inserting bogus entries in the hosts file,
could be DNS poisoning on one particular resolver, or an infection on
the distribution source.


Rubens



On Sun, Apr 19, 2009 at 5:55 PM, Mari Nichols <[email protected]> wrote:
> I believe the file is originating directly from Skype.  Our writer
> stated that he had tried download.com's version and it was clean
> against VT.  I'm on ISC handler duty today, just wondering if anyone
> had seen this happening.
>
> Mari Nichols
> HoD
>
>
>
>
> ________________________________
> From: Paul Ferguson <[email protected]>
> To: Mari Nichols <[email protected]>
> Sent: Sunday, April 19, 2009 4:31:06 PM
> Subject: Re: SkypeSetup Rogue Download
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, Apr 19, 2009 at 12:55 PM, Mari Nichols <[email protected]>
> wrote:
>
>> Has anyone seen anything like this?
>>
>> http://www.virustotal.com/analisis/f58203f8d5cb98628eaa785e27c9e059
>>
>
> Hi,
>
> Could you provide the URL where that file is located?
>
> Thanks,
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFJ64oEq1pz9mNUZTMRAs4MAJ9x8vwDJzMEnci72jEK7hNEd2NmdQCfRUgE
> B4Se4ZXdcTaoT4h1SHfmC4Q=
> =wXNG
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawgster(at)gmail.com
> ferg's tech blog: http://fergdawg.blogspot.com/
>
