Network Admins: Hey, is this your picture?? MSN Virus

24 January 2008

Hey, is this your picture?? MSN Virus

I got a message from a firend in MSN that said Hey, is this your picture?? followed by a link to a website mymsnpictures.com. Appon following the link a file was downloaded to my machine. The file was a .com file which kind of set off some red lights in my head.
So I tried scanning the file with Trend Micro Office Scan Client and it didn't pick up anything.
So I then decided to try the following online scanners:

Trend Micro House Call
Bit Deffender Online Scanner
kaspersky Online Scanner

None of them picked up anything. So curiousity got the better of me and I decided to open the file.
At that point Windows Defender started screaming like mad!
I imagine that shortly after that multiple MSN windows opened and closed in quick succession on my PC, but I have not been able to verify that yet as I pulled out my network cable. None of my msn contacts have complained yet, but I suggest you ignore any links to pictures in MSN for now.

I will keep you posted as I am currently doing full system scans with Trend and with windows defender.

6 comments:

Anonymous said...: Hey

I received a similar message too! Once bitten, twice shy (i got such a virus before) so i didn't open it. Luckily may i add :)

cheers; 24 January 2008 at 01:52
Nicholas Kwan said...: I saw this virus in action as well. From my past experiences on dealing with viruses spread via Instant Messaging, I know very well not to download anything particular, and run it for that matter (the idea of a .com file disguised as a domain and an image file is not a new idea). Though, many others fell for the trick...

There was however an unusual file spotted in the infected computer:
C:\Windows\BisonCam\BsMnt.exe [most likely culprit because it is not very well documented file, and that any relations to bisoncam does not tally with the infected computer's information]; 24 January 2008 at 02:43
Anonymous said...: I got the same thing - luckily the server was done and the page didnt load - could have been shut down; 24 January 2008 at 04:36
Anonymous said...: I'm pretty well-up when it comes to viruses, and I knew not to click this link when I got this message just now from a (fairly computer illiterate) friend of mine. I tried telling them that they've got a virus, but they genuinely thought they had done nothing wrong, and that they were busy trying to see if there were any pictures of her online. -_-; 24 January 2008 at 08:38
Anonymous said...: Oh man... JUST as I click "Publish your comment", I get another one from her. This time: It says the following:

hey, did you take this picture? http://www.mymsnpictures.com/images/viewimage.php?=[insert my email address here]; 24 January 2008 at 08:39
BigG said...: Check my next post for a solution.; 24 January 2008 at 20:10