#BAHAYA BARU PENGGUNA MESSENGER#

Vakiu Tue May 04, 2010 6:15 pm

Untuk pengunjung smadaver mungkin akhir2 ini (perkiraan virus ini baru luncur, karna pas jam 6 di terima & browsing ternyata baru ada 1 org yg nge-post, itupun dgn jeda beberapa menit yg lalu)sering menerima link berupa ''foto http://wallerimages.com/images.php atau pun foto http://joblinz.co.nz/images.php
mungkin ada beberapa varian domain lainnya, jadi kesimpulan(menurut ajojing loh) klo virus ini menyebar dgn format ''foto http://namadomain/images.php [s]SPASI virus kirim ke 9090 [/s]

Kronologi korban : Enterwebsite->save file->Run->Terhubung dgn myspace->Attack GTalk & YM

Jadi smadaver di harapkan untuk tdk membuka link apapun dgn akhirannya /images.php
*klo mau buka jugak gpp asalkan gak mendownload apa2 hohoh tapi resiko di ambil sendiri >=)

Dan kemungkinan ini adalah virus yg baru di luncurkan bisa di lihat di website site advisor dari McAfee bahwa ada yg melaporkan site tsb klo uda bahaya, yg baru di tulis pd tgl 3 mei

#UPDATE#
Code:
foto http://photo4urspace.com/image.php foto http://lmagesspot.com/image.php foto http://keralawebhosting.biz/image.php foto http://mbi-photos.com/image.php foto http://wallerimages.com/image.php foto http://memorylmages.com/image.php foto http://joblin.co.nz/image.php foto http://foto-spaces.com/image.php foto http://photos-fb.com/image.php foto http://lmages-space.com/image.php foto http://myspace-imb.biz/image.php foto http://myspace-lmg.com/image.php foto http://enfinito.net/image.php foto http://margaretiamges.com/image.php foto http://lmagesbucket.com/image.php foto http://facebook-lmg.com/image.php foto http://beautyphotoson.com/image.php foto http://myspace-lmages.com/image.php foto http://lmages.net/image.php foto http://lmages-space.com/image.php foto http://myspace-imb.biz/image.php foto http://lmb-space.com/image.php foto http://facebook-lmages.com/image.php foto http://facebook-imb.com/image.php foto http://yungimages.net/image.php foto http://mimapic.com/image.php foto http://post-photos.com/image.php foto http://domimages.net/image.php foto http://limpskr.com/image.php foto http://kompnk.com/image.php foto http://yunphotos.net/image.php foto http://domeimg.com/image.php foto http://vertiphotos.com/image.php foto http://myphotoarchives.net/image.php foto http://mycomimg.com/image.php foto http://smallimg4u.com/image.php foto http://miggiphotos.com/image.php foto http://funwiththisguy.com/image.php foto http://ariafotos.com/image.php foto http://zhelefun.com/image.php foto http://tviceimg.com/image.php foto http://tusfbfotos.com/image.php foto http://twittersphoto.com/image.php foto http://tuesimages.com/image.php foto http://red-myspace.com/image.php foto http://tvicephotos.com/image.php foto http://ceceliaimg.com/image.php foto http://enfinito.net/image.php

membuat beberapa file
Code:
C:\Windows\mds.sys C:\Windows\mdt.sys C:\Windows\winbrd.jpg C:\Windows\infocard.exe C:\Program Files\infocard.exe C:\Program Files\mds.sys C:\Program Files\mdt.sys C:\Program Files\winbrd.jpg C:\Users\Public\mds.sys C:\Users\Public\ mdt.sys C:\Users\Public\ infocard.exe C:\Users\Public\ winbrd.jpg C:\Documents and Settings\Administrator\ mds.sys C:\Documents and Settings\Administrator\mdt.sys C:\Documents and Settings\Administrator\infocard.exe C:\Documents and Settings\Administrator\winbrd.jpg C:\Documents and Settings\<USER>\ mds.sys C:\Documents and Settings\<USER>\mdt.sys C:\Documents and Settings\<USER>\infocard.exe C:\Documents and Settings\<USER>\winbrd.jpg

menambah registry
Code:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]“Firewall Administrating”=”C:\\WINDOWS\\infocard.exe” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]“Firewall Administrating”=”C:\\WINDOWS\\infocard.exe” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentV ersion\Run]“Firewall Administrating”=”C:\\WINDOWS\\infocard.exe” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S haredAccess\Parameters\FirewallPolicy\StandardProf ile\AuthorizedApplications\List]“C:\\Documents and Settings\\<USER>\\Desktop\\IM56245.JPG-www.myspace.com.exe”=”C:\\WINDOWS\\infocard.exe:*: Enabled:Firewall Administrating” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]“C:\\Documents and Settings\\<USER>\\Desktop\\IM56245.JPGwww.myspace. com.exe”=”C:\\WINDOWS\\infocard.exe:*:Enabled:Fire wall Administrating” [HKEY_USERS\S-1-5-21-117609710-764733703-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run]“Firewall Administrating”=”C:\\WINDOWS\\infocard.exe”

Untuk registry uda beberapa bisa Smadav tangani, tapi untuk penyembuhan lebih lanjut gunakan Malwarebytes
atau pun system restore