Somone Spreading Trojans Through AIM (READ)

[Fishy80]

Just thought I would let people know, that someone is trying to use AIM to get people to download their Trojan.

they message you saying "Thank you for being apart of WoW exploiting, this is the all-around bot you were promised. Play safe AND REMEMBER, ITS ALWAYS GOOD TO SCAN ANY FILES."

at which time you recieve a file transfer with a "~WoWExploiting Java Bot.exe" I accepcted, and then scanned the file, which of course came up as...

AhnLab-V3 2007.4.3.0 04.02.2007 no virus found
AntiVir 7.3.1.47 04.02.2007 HEUR/Crypted
Authentium 4.93.8 03.31.2007 Possibly a new variant of W32/CrazyCrunch-based!Maximus
Avast 4.7.936.0 04.02.2007 Win32:Delf-DOR
AVG 7.5.0.447 04.02.2007 no virus found
BitDefender 7.2 04.02.2007 no virus found
CAT-QuickHeal 9.00 04.02.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.02.2007 no virus found
DrWeb 4.33 04.02.2007 no virus found
eSafe 7.0.15.0 04.02.2007 suspicious Trojan/Worm
eTrust-Vet 30.6.3535 04.02.2007 no virus found
Ewido 4.0 04.02.2007 no virus found
FileAdvisor 1 04.02.2007 no virus found
Fortinet 2.85.0.0 04.02.2007 suspicious
F-Prot 4.3.1.45 03.30.2007 W32/CrazyCrunch-based!Maximus
F-Secure 6.70.13030.0 04.02.2007 no virus found
Ikarus T3.1.1.3 04.02.2007 Trojan-Spy.Win32.Delf.JQ
Kaspersky 4.0.2.24 04.02.2007 no virus found
McAfee 4998 04.02.2007 no virus found
Microsoft 1.2306 04.02.2007 TrojanSpy:Win32/Logsnif.gen
NOD32v2 2163 04.02.2007 probably a variant of Win32/Spy.Delf.JG
Norman 5.80.02 04.02.2007 no virus found
Panda 9.0.0.4 04.02.2007 Suspicious file
Prevx1 V2 04.02.2007 no virus found
Sophos 4.16.0 03.30.2007 no virus found
Sunbelt 2.2.907.0 03.31.2007 VIPRE.Suspicious
Symantec 10 04.02.2007 no virus found
TheHacker 6.1.6.084 04.02.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.3 04.01.2007 suspected of Malware.Delf.11 (paranoid heuristics)
VirusBuster 4.3.7:9 04.02.2007 no virus found
Webwasher-Gateway 6.0.1 04.02.2007 Heuristic.Crypted

and I assume they forgot what they messaged me with because they then said " Have you registered for our contest?"

so then I asked for a little more info and they tried to say they were from taultunleashed and that someone registered my AIM for their contest blah blah blah..

well anyway, this screen shot shows their ip address.. I did a whois on it and it said they were at a Hilton hotel... so i would just try and find anyone who has been viewing this site, and ban them if they came from that ip address




trojaning through the game, with people you don't know... sure go right ahead, but trojaning fellow members of your community is BS...

dunno if they were just targeting me... or if they are going through whole community's... but just wanted to warn people just in case... it may only be going on at tault... or it may be here too..

if anyone would like this file for any reason, lemme know.

[Matt]

i looked up both ip addresses and neither were used by any member on this forum.
sorry.

[Fishy80]

okedoke oh well, but if anyone see's anything like this, now you know, (and in case he changes it around at all, you can see the .exe he sent me on my desktop, so thats what the icon looks like..