Warning! nasty one

[pcbutts1]

I've seen this thing change group policy, expire passwords and modify the
boot.ini. Warning Newbie's don't go here or you will be asking for help to
get rid of it. 64_201_199_24 it arrives in email claiming to be a youtube
video. Dustin you like **** like this have fun.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

[jen]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in message
news:favdgl$n9o$1@blackhelicopter.databasix.com...
> I've seen this thing change group policy, expire passwords and modify
> the boot.ini. Warning Newbie's don't go here or you will be asking for
> help to get rid of it. 64_201_199_24 it arrives in email claiming to
> be a youtube video. Dustin you like **** like this have fun.

Storm of the Day, Now with YouTube:
http://isc.sans.org/diary.html?storyid=3321

-jen

[pcbutts1]

Yep, that be it.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"jen" <jen@example.com> wrote in message
news:aTGAi.36517$t9.31479@bignews7.bellsouth.net.. .
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in message
> news:favdgl$n9o$1@blackhelicopter.databasix.com...
>> I've seen this thing change group policy, expire passwords and modify the
>> boot.ini. Warning Newbie's don't go here or you will be asking for help
>> to get rid of it. 64_201_199_24 it arrives in email claiming to be a
>> youtube video. Dustin you like **** like this have fun.
>
> Storm of the Day, Now with YouTube:
> http://isc.sans.org/diary.html?storyid=3321
>
> -jen
>

[Andy Walker]

jen wrote:

>"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in message
>news:favdgl$n9o$1@blackhelicopter.databasix.com.. .
>> I've seen this thing change group policy, expire passwords and modify
>> the boot.ini. Warning Newbie's don't go here or you will be asking for
>> help to get rid of it. 64_201_199_24 it arrives in email claiming to
>> be a youtube video. Dustin you like **** like this have fun.
>
>Storm of the Day, Now with YouTube:
>http://isc.sans.org/diary.html?storyid=3321
>
>-jen

The article doesn't mention it but the IP addresses in the malicious
links are infected zombie computers located all over the world. I
haven't yet seen two the same in all the samples I've collected,
although it is clear that infected computers can send out numerous
emails.

The F-Secure weblog has been pretty good at keeping up on the new
variants http://www.f-secure.com/weblog/

[Clark]

pcbutts1 wrote:
> I've seen this thing change group policy, expire passwords and modify
> the boot.ini. Warning Newbie's don't go here or you will be asking
> for help to get rid of it. 64_201_199_24 it arrives in email claiming
> to be a youtube video. Dustin you like **** like this have fun.



I can't wait for my customers to Click it !!!

Cha Ching!!!


Clark

[Dustin Cook]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
news:favdgl$n9o$1@blackhelicopter.databasix.com:

> I've seen this thing change group policy, expire passwords and modify
> the boot.ini. Warning Newbie's don't go here or you will be asking for
> help to get rid of it. 64_201_199_24 it arrives in email claiming to
> be a youtube video. Dustin you like **** like this have fun.

I'm a bit behind on things here lately butts. If you want to send a sample
along to my email, your welcome to do so.


--
################################################## ##
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
################################################## ##

[Dustin Cook]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
news:favdgl$n9o$1@blackhelicopter.databasix.com:

> I've seen this thing change group policy, expire passwords and modify
> the boot.ini. Warning Newbie's don't go here or you will be asking for
> help to get rid of it. 64_201_199_24 it arrives in email claiming to
> be a youtube video. Dustin you like **** like this have fun.
>
>

Hi again PcButts,

Any chance you will send the file for analysis?

If you will, you can send it to my gmail address if you will zip the file
(s), and encrypt them and rename the .zip to .dat or something so google
won't complain. I'd appreciate any cooperation from you that your willing
to give.


--
################################################## ##
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
################################################## ##

[pcbutts1]

You can get it from the link I posted.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:Xns999E8ACE7734HHI2948AJD832@69.28.186.121...
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
> news:favdgl$n9o$1@blackhelicopter.databasix.com:
>
>> I've seen this thing change group policy, expire passwords and modify
>> the boot.ini. Warning Newbie's don't go here or you will be asking for
>> help to get rid of it. 64_201_199_24 it arrives in email claiming to
>> be a youtube video. Dustin you like **** like this have fun.
>>
>>
>
> Hi again PcButts,
>
> Any chance you will send the file for analysis?
>
> If you will, you can send it to my gmail address if you will zip the file
> (s), and encrypt them and rename the .zip to .dat or something so google
> won't complain. I'd appreciate any cooperation from you that your willing
> to give.
>
>
> --
> ################################################## ##
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> Email: bughunter.dustin@gmail.com
> Web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
> ################################################## ##

[Dustin Cook]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:fbc9gd$l1r$1
@blackhelicopter.databasix.com:

> You can get it from the link I posted.

I cannot seem to gain access to anything at that address.
If you still have a viable sample of it and wouldn't mind sending it along
for analysis, I would appreciate it.


--
################################################## ##
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
################################################## ##

[pcbutts1]

I deleted it.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:Xns999EC04D02FE0HHI2948AJD832@69.28.186.121.. .
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:fbc9gd$l1r$1
> @blackhelicopter.databasix.com:
>
>> You can get it from the link I posted.
>
> I cannot seem to gain access to anything at that address.
> If you still have a viable sample of it and wouldn't mind sending it along
> for analysis, I would appreciate it.
>
>
> --
> ################################################## ##
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> Email: bughunter.dustin@gmail.com
> Web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
> ################################################## ##