new virus

system · December 14, 2008, 7:59pm

hey all … a new virus … it send automesseges in windows live messenger contains the following link :

hxxp://site.facebooky.net/viewimage.php

or

hxxp://site.facebooky.net/viewimage.php?=email

like : hxxp://site.facebooky.net/viewimage.php?=name@domain.com

i

Lisandro · December 14, 2008, 8:17pm

I’m not being able to scan both links you’ve posted with Dr. Web plugin. Maybe the service is down.
But, anyway, it will be good to not post a live link to malware or false positives.

misak · December 14, 2008, 8:26pm

I have already downloaded files from these URLs. All files are the same and will be detected in next VPS update.

DavidR · December 14, 2008, 8:38pm

Since the domain name is a look alike facebook it is most likely that it will be suspect/infected and or php pages can be hacked if the php software isn’t up to date.

Please modify your post and change the http to hXXp to break active links and avoid accidental exposure, e.g. hXXp://site.facebooky.net/viewimage.php.

Edit: Done by misak, thanks.

Lisandro · December 14, 2008, 8:41pm

Thanks misak for the detection.
Thanks Shaheen for helping improving detection.

polonus · December 14, 2008, 9:24pm

Hi Tech,

Thanks to both - this is the right attitude “first the alert, then the detection”.

pol

system · December 15, 2008, 11:13am

hey all … i’ve got the new VPS update and the site is blocked now

thanks for fast respond … best wishes

Lisandro · December 15, 2008, 11:33am

Welcome to avast forums

DavidR · December 15, 2008, 2:18pm

Quite common on the avast forums ;D

Welcome to the forums.

new virus

Announcements