Fake ImageShack site serving malware, links distributed over IM
In a combination of domain typosquatting next to spoofed image files, malware authors managed to successfully
The real ImageShack site is imageshack.us, however, the malware authors are impersonating ImageShack and using imageshaack .org, in particular imageshaack.org /img/Picture275.jpg, which is where the malware is. Once the user gets infected with the malware, Backdoor.Win32.SdBot.eiu in this case, the host joins an IRC channel where the botnet masters continue issuing commands for the campaign to spread, like the following :
!msn.msg lool!! :D http ://imageshaack.org /img/Picture275.jpg |!trition.msg lool!! :D http ://imageshaack.org/img /Picture275.jpg topic set by Everglades on Wed Jun 11 15:41:57
"!msn.msg Haha is that you;)? http ://imageshaack.org /img/Picture275.jpg?|!trition.msg http: //imageshaack.org/img /Picture275.jpg
Until the site gets shut down, consider being extra vigilant on IM messages received, and while this is a bit more creative social engineering attack then the majority of average ones I've seen this month, non-executable files are apparently just as dangerous as executable ones.