Security Incidents mailing list archives

- AIM virus / worm


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Thu, 27 Oct 2005 14:26:15 -0700

The second link is dead; the first is a nasty piece of code that does, at
a minimum:

Installs a BHO...
Installs Spyware.
Connects to:

In general adds a bunch of Spyware / Adware stuff to your machine and
downloads a bunch of others....

-----Original Message-----
From: Michael Gargiullo [mailto:mgargiullo () pvtpt com] 
Sent: Thursday, October 27, 2005 1:26 PM
To: incidents () securityfocus com
Subject: [BULK] - AIM virus / worm

Has anyone seen this before... Google showed no results...

Instant message from a friend on your buddy list with a link like so...

see this!! http://home.comcast.net/~svyskocil/image0088.com

and 

HILARIOUS!! http://home.earthlink.net/~ylee92504/pic0041.com

Symantec corp with defs from yesterday doesn't detect anything in the com
file, but it does propagate when executed.
