SkypeSetup Rogue Download

• Previous message (by thread): google noc
• Next message (by thread): Malicious code just found on web server 13E-7EB
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could be a local trojan inserting bogus entries on the hosts file,
could be DNS poisoning on one particular resolver, or an infection on
the distribution source.


Rubens



On Sun, Apr 19, 2009 at 5:55 PM, Mari Nichols <mari at imarsolutions.com> wrote:
> I believe the file is originating directly from Skype.  Our writer
> stated that he had tried download.com's version and it was clean
> against VT.  I'm on ISC handler duty today, just wondering if anyone
> had seen this happening.
>
> Mari Nichols
> HoD
>
>
>
>
> ________________________________
> From: Paul Ferguson <fergdawgster at gmail.com>
> To: Mari Nichols <mari at imarsolutions.com>
> Sent: Sunday, April 19, 2009 4:31:06 PM
> Subject: Re: SkypeSetup Rogue Download
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, Apr 19, 2009 at 12:55 PM, Mari Nichols <mari at imarsolutions.com>
> wrote:
>
>> Has anyone seen anything like this?
>>
>> http://www.virustotal.com/analisis/f58203f8d5cb98628eaa785e27c9e059
>>
>
> Hi,
>
> Could you provide the URL where that file is located?
>
> Thanks,
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFJ64oEq1pz9mNUZTMRAs4MAJ9x8vwDJzMEnci72jEK7hNEd2NmdQCfRUgE
> B4Se4ZXdcTaoT4h1SHfmC4Q=
> =wXNG
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawgster(at)gmail.com
> ferg's tech blog: http://fergdawg.blogspot.com/
>

• Previous message (by thread): google noc
• Next message (by thread): Malicious code just found on web server 13E-7EB
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]