Send them the file
Don’t know what conclusions to draw from this, can’t say I like it though :-[
MSE is going great. But wait when Avast! 5 is out and it’s going 1 month after its release. It will rock, I’m sure.
I don’t either, but probably not for the reasons you don’t. Given that this file is a .wmv Windows Media Video file (if that file type is correct), then yes, it is possible to exploit these files (or rather the media player); I’m not sure that it could be a trojan downloader in its own right.
So one thing for sure it needs more investigation.
What do you think I’ve done?
Great. They will be happy. ;D
Heh, checked the sample and it’s exactly the one I don’t know what to think about it.
Yes, it does open some window or something, but it leads you to Gamevance.com. Yes, it’s adware. And…?
In browser, the links bring me to the citizenship lottery and the Czech variant of the online game Travian.
So it is really a virus?
I don’t think so. It’s a media file which redirects you to some kind of ad redirector.
Maybe it’s an Adware Redirector? Maybe check the HTML and script of the redirected website?
I did that, they’re just normal sites, maybe ad driven, but definitely nothing malwarish.
Heh, checked the sample and [b]it's exactly the one I don't know what to think about it[/b].
A possible adware, perhaps.
Yes, it does open some window or something, but it leads you to Gamevance.com. Yes, it's adware. And...?
So more would need to be known about the file, like what Tech thought it was he would install off this E:\ drive. Like if it were game related would it be a) unreasonable for it to be ad supported and b) go to a games related site. Albeit one with a poor rep according to WOT, http://www.mywot.com/scorecard/gamevance.com also see https://safeweb.norton.com/report/show?name=gamevance.com.
I would only doubt the classification as a trojan.downloader as it doesn’t appear to be downloading anything, but redirecting/opening a web page, which may or may not have an exploit to do driveby downloads.
http://wepawet.iseclab.org/view.php?hash=d69c6388b7953b9738ebf5605254ee29&t=1255045399&type=js Look here too, it looks strange?
Yes, but that is the web site (again with no real issues reported) and not the actual file, which was my point on the classification of the file’s detection rather than where it points. If it were to a known malicious site with active exploits/driveby downloads, then it would be more clear cut.
Here’s a Whois on gamevance.com
Registrant: [b]Future Ads, LLC[/b] 1920 Main St, Suite 550 Irvine, CA 92614 US
Registrar: DOTSTER
Domain Name: GAMEVANCE.COM
Created on: 13-MAR-07
Expires on: 13-MAR-15
Last Updated on: 04-MAY-09
Administrative Contact:
Ads, Future info@futureads.com
Future Ads, LLC
1920 Main St, Suite 550
Irvine, CA 92614
US
866-394-1786
949-251-0680
Bolded part mine.