MSN worm / virus g00d-stuff.com epidemic launch


  1. Information about http://g00d-stuff.com and similar sites
  2. http://g00d-stuff.com sources
  3. Malicious linked website forms and variations
  4. Vulnerable platforms/browsers
  5. First things to do
  6. How to remove http://g00d-stuff.com MSN virus from your system
  7. References

Information about http://g00d-stuff.com and similar sites

g00d-stuff.com is an MSN worm that spreads through MSN instant messenger, using provocative message text that encourages users to follow the attached link.

Sources of infection

An MSN user receives a text message from one of the users in their contact list. The message sometimes contains provocative text and always contains a link to a site hosting the virus.

The provocative message can be one of the following (the list is not exhaustive):

  • "Album photo.zip"
  • "oh you and me? nah its me the clown again"
  • "lool someone put ur photo here: D"
  • "i want you to swim with me! send this file to swim with me!"
  • "lol someone has put your photo here: D"

The embedded link can be one of these:


After the link is visited, the virus uses an as-yet-unknown vulnerability in Firefox/Internet Explorer to infect the victim's machine and spreads further by sending links to the victim's contacts.




Malicious website forms and variations

There are two known forms of the g00d-stuff MSN worm page: the "PICS FOR MSN FRIENDS" phishing page and the "FREE RINGTONES, WALLPAPERS, JAVA-GAMES" page.

The "PICS FOR MSN FRIENDS" page looks similar to the MSN login interface and asks you to enter your MSN login credentials to proceed. DO NOT enter your credentials there under any circumstances.

The "FREE RINGTONES, WALLPAPERS, JAVA-GAMES" page looks like this (photo from Switzerland):

[Image: g00d-stuff.com virus-infected page appearance for Swiss users]

Both pages are heavily booby-trapped with viruses and exploits. If you use Windows with Firefox lower than version 3.0 or with Internet Explorer, you are probably already infected.







Vulnerable platforms/browsers

List of known vulnerable platforms:

  • Windows 95/98/Me/2000/XP/2003/Vista

List of known vulnerable browsers:

  • Internet Explorer
  • Firefox 2.0

First things to do

  1. First of all - DON'T PANIC! :)
  2. It really helps not to open the link enclosed in the text message. However, you have probably already opened it, and that's why you are here.
  3. Try to notify your friends and warn them not to open any links they receive. You can point them to this page as a reference.
  4. You can also set a warning message as your status in MSN.
  5. If you didn't open the link, you are pretty much done :) If you did, and you notice that you keep sending links to other people, proceed to the g00d-stuff removal instructions.





How to remove http://g00d-stuff.com MSN virus from your system

  1. Download the MSNFix utility (yes, it is safe - I can clearly state it after checking the batch file code and finding other reputable sources linking to it).
  2. Extract the contents into some directory on your hard drive (for example, C:\MSNFix)
  3. Run MSNFix.bat
  4. Choose your language
  5. Press R to start virus scan

After the scan and removal are complete (so that you no longer have any spyware/malware/keyloggers on your machine), you will need to reclaim your MSN account:

1. Go to http://login.live.com web page and click on Forgot Your Password.
2. Type in your MSN e-mail address, type the characters that appear in the Picture box, and click Continue.
3. Click Send yourself a password reset e-mail message.
4. Click Send Message.
5. Click Done on the confirmation page.
6. Open your e-mail and follow the link in the e-mail message to reset your password.
7. On the Confirm your e-mail address page, type your e-mail address, and then click Continue.
8. Type your new password two times, and then click Continue.
9. If you want to enter an “alternate” e-mail address, type the address two times, and then click Continue. If you do not want to enter an “alternate” e-mail address, click Skip.
10. When you receive the “You’ve changed your password” message, click Done.
