Worm Infected

[Yanto.Chiang]

Dear All,

Does anybody know about this worm?

http://www.google.co.id/search?q=foto++http%3A%2F%2Ffoto-spaces.com%2Fimage.php&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Because some users has been infected by this kind worm : foto  http:// foto-spaces. com / image. php

Please kindly advice,

[Yanto.Chiang]

Dear All,

Apparently this worm capable detected by avast! from network shield and web shield moduls as favico.ico


cheers,

[polonus]

Hi Yanto.Chiang,

Apparently they are taking the worm off: 503. Service Unavailable
This is a survey of all sites that were affected:
http://www.faravirusi.com/2010/05/02/solutie-virus-yahoo-messenger-%E2%80%93-%E2%80%9Cfoto-httpariafotos-comimage-php-sau-httptviceimg-comimage-php%E2%80%9D/

polonus

[Yanto.Chiang]

Hi Polonus,

Thanks for your kindly advice,

Yes, they are taking to turn off their worm server.
But this case happened few days ago, and infected quite a lot of user in Indonesia. But we had tried at office, and apparently avast! able to blocked this worm and identify as favicon.ico malware.

cheers,

[polonus]

Hi Yanto.Chiang,

More info here: http://malwaredatabase.net/blog/index.php/tag/malicious-domains/

MBAM is known to remove this malware,

polonus