Below is quoted from: microsoft.public.win98.gen_discussion
[quote]
From Malware Maven & MVP Mike Burgess, to whom I'd forwarded Steve Burn's
first post in this thread:
<paste>
You can safely view the hijack here:
http://www.samspade.org/t/safe?u=http%3A%2F%2Fhitq.com%2Fnav.html%3FAgentCode%3Denamecorp
This installs the following:
http://nav.HitQ.com/hitQX.cab
(hitQX.ocx)
http://nav.goi.com/goixX.cab
(goixX.ocx)
http://nav.hitq.com/HitQ.exe
http://nav.hitq.com/HitQUninstall.exe
http://nav.hitq.com/HitQnavi.dll
Note: these files are "Packed: UPX"
I unpacked them and the only mentioned URLs are "hitq.com"
http://go.hitq.com/search.php?word=%s&AgentCode=%s
refreshes to:
http://big****tal.com/
loads:
http://nav.goi.com/goixX.cab
Note: all the above URLs are owned by the same person:
KIM HYUNGHO
</paste>
--
~PA Bear
[/quote]
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
YoKenny <YKnot@[EMAIL PROTECTED]> wrote in message
news:dU_Lb.70450$AJB.32854@[EMAIL PROTECTED]
> Steven Burn wrote:
> > [quoted from: microsoft.public.win98.gen_discussion]
> >
> > The Microsoft MVPs have a web domain, mvps.org, which contains what
> > we hope are a lot of useful articles aimed at being of help to users
> > of Windows.
> >
> > We have become aware that there is another domain, mvp.org without
> > the s, and would advise you all that this has no connection with the
> > Microsoft MVP program or its members, and may put visitors at risk
> > of "drive-by" installs of malware.
> >
> > Robear Dyer (PA Bear)
> > Alex Nichol
> > Doug Knox
> > Kelly Theriot
> > Ken Blake
> >
> > Microsoft MVP program
> > http://mvp.sup****t.microsoft.com
> >
> > [/quote]
>
> Looks like another CWS mutation. Uses IFRAME to redirect to
> xyz.getfound.com where xyz is www to prevent click-through
>
> HOSTS file material.
>

