From the Google searches, the BMP files are a Trojan downloader that drops some files in system32 and other places, replaces the search engine, etc. Typical malware/spyware behavior.
http://devirusare.com/2010/04/30/yahoo-messenger-virus-httpzhelefun-comimage-php-si-httptviceimg-comimage-php/

Just one of the files downloaded from the site:
http://www.virustotal.com/analisis/df500dc980cdf83cde62c692f866e6169d550ed82b1c0272b8830b63d633422e-1272822830

Probably time to start blocking sites via web filtering and blackholing DNS zones accordingly. That, and the normal: wipe the PC that got nailed, and change all the passwords etc. for the user accordingly.

Z

Edward Ziots
CISSP, MCSA, MCP+I, Security+, Network+, CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]

From: Garcia-Moran, Carlos [mailto:[email protected]]
Sent: Tuesday, May 04, 2010 9:07 AM
To: NT System Admin Issues
Subject: Yahoo / IM Virus New??

Hey all;

Some of my users are reporting getting a link to a PHP page in Yahoo Chat from known contacts. Once clicked (of course they did), it scans through their IM contacts and sends the exact link to all of them.

Just a heads up, don't know if it's new or not, but it's the 1st time I've seen it.

In case anyone gets it, ours is like this: "foto http bflmages com / images php" (add dots and stuff, of course).

Cheers!

Carlos Garcia-Moran
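Edward's suggestion to blackhole the DNS zones, worked through as an added example (this is not code from anyone in the thread). The script writes the classic BIND "blackhole" setup: one master zone stanza per blocked domain in named.conf, all backed by a single zone file whose apex and wildcard answer with a sinkhole address, so the IM link's hostname (and any subdomain of it) never reaches the real server. The three domains are the ones visible in the thread's URLs; the sinkhole address (127.0.0.1), the zone file path and the serial are assumptions. The last function is the check you would run against a proxy or DNS log to confirm a hostname is covered.

```python
"""Generate BIND blackhole zones for the IM-worm domains and check hostnames against them.

Added example for the thread above; not the thread's own code.
"""
from typing import Iterable

# Domains seen in the URLs posted in the thread (constructed blocklist for this example).
IOC_DOMAINS = ["zhelefun.com", "tviceimg.com", "bflmages.com"]

SINKHOLE_IP = "127.0.0.1"                          # assumption: answer with loopback so the fetch dies locally
BLACKHOLE_ZONE_FILE = "/etc/bind/blackhole.zone"   # assumption: where the shared zone file lives on the resolver


def normalize_domain(name: str) -> str:
    """Lower-case, strip whitespace and any trailing root dot ("Example.COM." -> "example.com")."""
    return name.strip().lower().rstrip(".")


def blackhole_zone_file(sinkhole: str = SINKHOLE_IP, serial: int = 2010050401) -> str:
    """One shared zone file: the apex ('@') and every name under it ('*') resolve to the sinkhole.

    The same file can back every blocked zone because it contains no absolute names
    other than localhost.
    """
    return "\n".join([
        "$TTL 300",
        f"@   IN SOA localhost. root.localhost. ( {serial} 3600 900 604800 300 )",
        "@   IN NS  localhost.",
        f"@   IN A   {sinkhole}",
        f"*   IN A   {sinkhole}",
    ]) + "\n"


def named_conf_stanzas(domains: Iterable[str], zone_file: str = BLACKHOLE_ZONE_FILE) -> str:
    """named.conf fragment: a master zone per blocked domain, all pointing at the shared file."""
    unique = sorted({normalize_domain(d) for d in domains if d.strip()})
    return "\n".join(
        f'zone "{d}" {{ type master; file "{zone_file}"; }};' for d in unique
    ) + "\n"


def is_blackholed(hostname: str, domains: Iterable[str]) -> bool:
    """True if hostname is a blocked domain or sits anywhere under one.

    The suffix match requires a label boundary, so 'notbflmages.com' and
    'bflmages.com.example.net' are not matched.
    """
    h = normalize_domain(hostname)
    for d in domains:
        d = normalize_domain(d)
        if h == d or h.endswith("." + d):
            return True
    return False


if __name__ == "__main__":
    print("# --- named.conf fragment ---")
    print(named_conf_stanzas(IOC_DOMAINS))
    print(f"# --- {BLACKHOLE_ZONE_FILE} ---")
    print(blackhole_zone_file())
    for host in ["bflmages.com", "www.tviceimg.com", "mail.example.org"]:
        print(f"{host}: {'BLACKHOLED' if is_blackholed(host, IOC_DOMAINS) else 'allowed'}")
```

After reloading named with the generated fragment, `dig @resolver www.bflmages.com` should return the sinkhole address; keep the sinkhole answer short-lived (the $TTL of 300 above) so removing a zone later takes effect quickly, and log queries for the blackholed zones, since a client that keeps asking for them is the next PC to wipe.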
