Of Viruses and Weird shit Mysterious.

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

Moderator: Thanas

Boyish-Tigerlilly
Sith Devotee
Posts: 3225
Joined: 2004-05-22 04:47pm
Location: New Jersey (Why not Hawaii)

Of Viruses and Weird shit Mysterious.

Post by Boyish-Tigerlilly »

This is a chat log I had on AIM today. I had some weird chatworm. Don't know how I got it, but just so everyone else knows:

Someone on my friends list sent me some stupid picture and it gave it to me. I didn't think anything of it, since it was a friend. But then it started to randomly send people links to shit that I never sent them. I got it taken care of, but take care. Apparently it moves through impersonating people on your friends list.

Einhander Sn0m4n: http://us.mcafee.com/virusInfo/default. ... s_k=133908
Pinkish Pixi: Is that really you...or someone else!
Einhander Sn0m4n: this is me
Pinkish Pixi: ahh thx
Pinkish Pixi: someone else gave me Aimfix too
Pinkish Pixi: ill get em both
Einhander Sn0m4n: I don't shit worms on people, wouldn't know how :-)
Pinkish Pixi: haha
Pinkish Pixi: I really don't even know how it happened. ArisNight7 gave it to me
Pinkish Pixi: but I know him lol
Pinkish Pixi: he's like HERE look at this!
Einhander Sn0m4n: I think it's a Kelvir worm variant
Einhander Sn0m4n: thats how they spread
Pinkish Pixi: ahhh
Pinkish Pixi: I am not familiar with that one? Any description place?
Einhander Sn0m4n: http://www.google.com/search?q=kelvir&s ... S:official
Pinkish Pixi: thx
Einhander Sn0m4n: several bazillion variants too
Einhander Sn0m4n: post this in G+C too
Pinkish Pixi: the link?
Einhander Sn0m4n: your situation, or the whole chatlog
Pinkish Pixi: ahh cool, I will now
Einhander Sn0m4n: good
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

It's a 'picture.com' file from 'secure.stronghit.com' that this worm keeps spamming. It likes to disguise the link as a legitimate-looking URL:

Code:

[20:19] PinkishPixi: damn this looks just like me lol (Link: http://secure.stronghit.com/picture.com)http://pictures.google.com/common/pictures/user48593.jpg

[20:20] PinkishPixi: hey heres my new picture (Link: http://secure.stronghit.com/picture.com)http://picture-uploads.net/today/dsc91837.jpg
like so. Googling 'picture.com' reveals a link to the Kelvir IM worm. This particular variant isn't picked up by any AV scanner either of us has tried.
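
As an added example (not code from the thread or from either poster): a small Python scanner that applies the check described in the post above to IM log lines, i.e. it compares the real link target in the "(Link: ...)" marker with the URL text the client displays, and flags a target that is a Windows executable dressed up as a picture. The "[HH:MM] screenname: text (Link: target)displayed" layout is an assumption about how that AIM client writes its log; the first two sample lines are the ones quoted in the post, the other two are constructed benign controls.

```python
"""Flag IM messages whose displayed link text hides a different real target."""
import os
import re
from urllib.parse import urlparse

# Extensions Windows runs as a program when the "picture" is opened, whatever
# the link text claims it is.  .com here is the DOS executable type, not a TLD.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".hta"}
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}

# Assumed log layout, copied from the two lines quoted in the post above:
#   "[HH:MM] screenname: message text (Link: <real target>)<displayed text>"
LINE_RE = re.compile(r"^\[(?P<time>\d{2}:\d{2})\]\s+(?P<who>[^:]+):\s+(?P<msg>.*)$")
LINK_RE = re.compile(r"\(Link:\s*(?P<target>[^\s)]+)\)(?P<shown>\S+)")


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _ext(url):
    # Extension of the URL *path*: "/picture.com" -> ".com" (the host's TLD is ignored).
    return os.path.splitext(urlparse(url).path)[1].lower()


def check_link(target, shown):
    """Return the reasons a (real target, displayed text) pair looks like a lure; [] if clean."""
    reasons = []
    if shown.startswith(("http://", "https://")) and _host(shown) != _host(target):
        reasons.append("displayed host %s != real host %s" % (_host(shown), _host(target)))
    if _ext(target) in EXECUTABLE_EXTS:
        reasons.append("real target is an executable (%s)" % _ext(target))
        if _ext(shown) in IMAGE_EXTS:
            reasons.append("executable disguised as an image")
    return reasons


def scan_log(text):
    """Scan an IM log; one record per message carrying at least one deceptive link."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a message line (or a layout this parser does not know)
        for link in LINK_RE.finditer(m.group("msg")):
            reasons = check_link(link.group("target"), link.group("shown"))
            if reasons:
                hits.append({"line": lineno, "time": m.group("time"),
                             "who": m.group("who").strip(),
                             "target": link.group("target"), "reasons": reasons})
    return hits


# Constructed sample: lines 1-2 are the ones quoted in the post above, lines 3-4
# are made-up benign controls (example.com is a reserved documentation domain).
SAMPLE_LOG = """\
[20:19] PinkishPixi: damn this looks just like me lol (Link: http://secure.stronghit.com/picture.com)http://pictures.google.com/common/pictures/user48593.jpg
[20:20] PinkishPixi: hey heres my new picture (Link: http://secure.stronghit.com/picture.com)http://picture-uploads.net/today/dsc91837.jpg
[20:21] Einhander Sn0m4n: real photo (Link: http://example.com/photos/dsc0001.jpg)http://example.com/photos/dsc0001.jpg
[20:22] PinkishPixi: no link in this one
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %(line)d [%(time)s] %(who)s -> %(target)s" % hit)
        for reason in hit["reasons"]:
            print("   ", reason)
```

The host comparison is the part that catches this particular trick: the displayed text is a perfectly ordinary-looking image URL on one host while the real target is a .com executable on another, so either test alone would flag it, and together they give a reason a user can be told ("the link says google.com but goes to stronghit.com and downloads a program").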
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Traceroute: Stronghit.com

Code:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\usa>tracert stronghit.com

Tracing route to stronghit.com [66.98.158.232]
over a maximum of 30 hops:

  1    10 ms    13 ms    12 ms  10.128.0.1
  2    10 ms    11 ms    39 ms  68.11.12.17
  3    33 ms    22 ms    10 ms  mctydsrc02-gew0304.rd.no.cox.net [68.11.14.17]
  4    13 ms    11 ms    11 ms  mctydsrc01-gew03020997.rd.no.cox.net [68.1.0.72]
  5    11 ms    12 ms    14 ms  btnrbbrc02-pos0102.rd.br.cox.net [68.1.1.200]
  6    12 ms    13 ms    12 ms  btnrbbrc01-pos0101.rd.br.cox.net [68.1.1.204]
  7    21 ms    25 ms    22 ms  dllsbbrc02-pos0102.rd.dl.cox.net [68.1.0.67]
  8    21 ms    25 ms    23 ms  dalsbbrj01-so030003.r2.dl.cox.net [68.1.0.137]
  9    23 ms    23 ms    21 ms  dllstx2wcx1-pos5-2.wcg.net [64.200.232.213]
 10    22 ms    27 ms    26 ms  dllstx2wcxa-pos9-0.wcg.net [64.200.110.193]
 11    27 ms    30 ms    37 ms  hstntx1wcx3-pos1-0-oc192.wcg.net [64.200.210.66]
 12    26 ms    26 ms    28 ms  hstntx1wcx1-pos9-0-oc48.wcg.net [65.77.93.213]
 13    28 ms    39 ms    41 ms  hstntx1wce2-everyonesinternet-gige.wcg.net [65.77.93.54]
 14    29 ms    29 ms    29 ms  ivhou-207-218-245-29.ev1.net [207.218.245.29]
 15    28 ms    42 ms    29 ms  ivhou-207-218-223-115.ev1.net [207.218.223.115]
 16    30 ms    40 ms    27 ms  www.stronghit.com [66.98.158.232]

Trace complete.

C:\Documents and Settings\usa>
Their ISP is EV1.net apparently. Time to ask for a takedown...
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Sam Spade wrote: Server Used: [ whois.stargateinc.com ]

stronghit.com = [ 66.98.158.232 ]
Domain Name: stronghit.com
Name Servers
ns1.stronghit.com
66.98.158.230
ns2.stronghit.com
66.98.158.231
Domain Created: 4/17/2002
Domain Expires: 04/17/2006
Registrant
VSPNetwork Inc.
2761 Ryewood Ave D
Copley Ohio 44321
United States
email: admin@vspnetwork.com

phone: 12168036751
fax: 12168036751
Administrative
VSPNetwork Inc.
2761 Ryewood Ave D
Copley Ohio 44321
United States
email: admin@vspnetwork.com

phone: 12168036751
fax: 12168036751
Technical
VSPNetwork Inc.
2761 Ryewood Ave D
Copley Ohio 44321
United States
email: admin@vspnetwork.com

phone: 12168036751
fax: 12168036751
Billing
VSPNetwork Inc.
2761 Ryewood Ave D
Copley Ohio 44321
United States
email: admin@vspnetwork.com

phone: 12168036751
fax: 12168036751
The Data provided by Stargate Holdings Corp. Whois Service is provided on an "as is"
basis and its accuracy is not guaranteed. By accessing and/or using the Data provided
by Stargate Holdings Corp.' Whois Service you agree to use this Data only for
lawful purposes and you agree not use to this Data to:
(1) allow enable or otherwise support the transmission of unsolicited advertising or
solicitations via email (spam);
(2) enable any high volume or automated electronic processes.
This whois server has a maintenance window between 11 PM and midnight CST daily.
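
Added example, not code from the thread or from either poster: the two lookups in this post and the tracert post above (trace the route to see whose network the box sits on, then whois the domain for its contacts) parsed into one takedown summary. The input excerpts are taken from the outputs posted above, and deliberately keep the hop line that the 80-column console wrapped in the middle of the IP address, since that is exactly what breaks naive line-by-line parsing. Assumptions: the regexes are written for Windows tracert and the Sam Spade whois layout as posted, not other tools, and the "last two DNS labels" rule for the registrable domain is a simplification that is wrong for public suffixes like co.uk.

```python
"""Turn Windows tracert output and a whois record into a takedown summary."""
import re

# Windows tracert hop line: "  N   <rtt> ms  <rtt> ms  <rtt> ms  [hostname] [ip]"
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rtts>(?:(?:<?\d+ ms|\*)\s+){3})(?P<where>.+?)\s*$")
WHERE_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?$")
BANNERS = ("Tracing route", "over a maximum", "Trace complete")


def unwrap_console(text):
    """Yield hop lines with console wrapping undone: an 80-column console wraps a long
    hop line mid-token (in the post above, inside "[65.77.93.54]"), so any non-blank,
    non-banner line that does not start a new hop is glued onto the previous hop line
    with no space inserted."""
    cur = None
    for line in text.splitlines():
        if not line.strip() or line.startswith(BANNERS):
            if cur:
                yield cur
            cur = None
        elif re.match(r"^\s*\d+\s+", line):
            if cur:
                yield cur
            cur = line.rstrip()
        elif cur is not None:
            cur += line.strip()
    if cur:
        yield cur


def parse_tracert(text):
    """Return [{hop, host, ip, rtt_ms}] for every hop that answered."""
    hops = []
    for line in unwrap_console(text):
        m = HOP_RE.match(line)
        w = WHERE_RE.match(m.group("where")) if m else None
        if not w:
            continue  # "Request timed out." or junk: no address to record
        rtts = [None if t == "*" else int(t.lstrip("<"))
                for t in re.findall(r"<?\d+|\*", m.group("rtts"))]
        hops.append({"hop": int(m.group("hop")), "host": w.group("host"),
                     "ip": w.group("ip"), "rtt_ms": rtts})
    return hops


def registrable(host):
    # Simplification: last two labels.  Wrong for co.uk-style public suffixes.
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else None


def upstream_provider(hops):
    """Domain of the nearest named hop before the destination that is not in the
    destination's own domain: the network the target box is hosted on."""
    if not hops:
        return None
    dest = registrable(hops[-1]["host"])
    for hop in reversed(hops[:-1]):
        dom = registrable(hop["host"])
        if dom and dom != dest:
            return dom
    return None


def parse_whois(text):
    """Pull contacts, name servers and creation date out of a Sam Spade-style whois dump."""
    created = re.search(r"Domain Created:\s*(\S+)", text)
    return {"emails": sorted(set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", text))),
            "nameservers": re.findall(r"^\s*(ns\d*\.[\w.-]+)\s*$", text, re.M | re.I),
            "created": created.group(1) if created else None}


def takedown_report(tracert_text, whois_text):
    hops, who = parse_tracert(tracert_text), parse_whois(whois_text)
    return {"target_ip": hops[-1]["ip"] if hops else None,
            "target_host": hops[-1]["host"] if hops else None,
            "hosting_provider": upstream_provider(hops),
            "registrant_emails": who["emails"], "nameservers": who["nameservers"],
            "domain_created": who["created"]}


# Excerpts of the outputs posted above (hop 13 is the line the console wrapped).
TRACERT_EXCERPT = """\
Tracing route to stronghit.com [66.98.158.232]
over a maximum of 30 hops:

  1    10 ms    13 ms    12 ms  10.128.0.1
 13    28 ms    39 ms    41 ms  hstntx1wce2-everyonesinternet-gige.wcg.net [65.7
7.93.54]
 15    28 ms    42 ms    29 ms  ivhou-207-218-223-115.ev1.net [207.218.223.115]

 16    30 ms    40 ms    27 ms  www.stronghit.com [66.98.158.232]

Trace complete.
"""
WHOIS_EXCERPT = """\
Domain Name: stronghit.com
Name Servers
ns1.stronghit.com
66.98.158.230
ns2.stronghit.com
Domain Created: 4/17/2002
Registrant
VSPNetwork Inc.
email: admin@vspnetwork.com
"""

if __name__ == "__main__":
    for key, value in takedown_report(TRACERT_EXCERPT, WHOIS_EXCERPT).items():
        print("%-18s %s" % (key, value))
```

Two caveats a practitioner would add before mailing anyone: the registrant contact in whois is the domain owner, who may well be the spammer, so the abuse report goes to the hosting network identified from the route (and to the IP block's abuse contact, which a whois on the IP rather than the domain would give), not to admin@ of the domain; and the route only tells you who announces the last hop's address, which is the hoster, not necessarily the party that controls the content.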