RE: New piece of spyware?

["Rob Shein" <shoten () starpower net>]

What's in your mirc.ini, script.ini and remote.ini?  And what version of
mirc are you running?  There are some vulnerabilities in some versions of
mirc, and worms that take advantage of them.  In addition, there are several
worms that look for (and infect) mirc, even though they may spread via
another vector.

> -----Original Message-----
> From: caldcv () students fccj org [mailto:caldcv () students fccj org] 
> Sent: Thursday, May 13, 2004 10:04 PM
> To: incidents () securityfocus com
> Subject: New piece of spyware?
>
>
>
>
> Hi,
>
>  I have a Windows Server 2003 machine. Lately, I noticed on 
> my mIRC IRC client that something is pasting out ads to the 
> current window.
>
> [14:40] <nickname> New threat exploits flaw in Internet 
> Explorer - 
> http://www.addict3d.org/index.php?page=viewarticle&type=news&I
D=2039 , please support them by clicking the GOOGLE AD inside the articles
on the right.

[09:46] <nickname> Sasser worm author needs money -
http://addict3d.org/index.php?page=viewarticle&type=news&ID=2035 , also
please support us by clicking the AD inside the article on the right.

[09:55] <nickname> 'Doom' creator Id - soon to start on new game -
http://addict3d.org/index.php?page=viewarticle&type=news&ID=2030 , also
please support us by clicking the AD inside the article on the right.

[14:49] <nickname> please support http://www.addict3d.org (A computer
security website) by clicking a google AD, INSIDE the articles on the right.
Thanks alot. :]

This last ad was the first one I've seen. I've ran SpyBot S&D and Ad-aware
with no results. I've search Google for addict3d with no results either.

Thanks,

CC.

---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------