shtyle.fm Virus, Worm or Trojan Horse?

I don't know exactly what happened, but an acquaintance got borked and
somehow it ended up with me being sent an invitation supposedly from him
to join shtyle.fm (and get a free "teddy" . . . ).

This obviously means his email collection (I don't think I'm in his
address book) was used as a source of addresses.

I see no reference using Google Web, Groups or Blogs to anything of this
nature.

I did see some references on SANS IIRC that some fairly common viruses
come in a variety of strains due to simple re-jiggering that might be
behind this.

Is anyone seeing any such reports or for that matter suspicious shtyle.fm
email traffic surges?

--

Ubuntu: Linux for Windows Refugees!

("Where's the defragmenter?" <panic>)


Re: shtyle.fm Virus, Worm or Trojan Horse?

mimus wrote:

The evidence you provide in no way yet suggests a virus.  However, you
/may/ be seeing sufficient proof of harvesting.

At this point little damage is seen and I would suggest that everyone
involved with this acquire and implement reasonable antimalware, and
make a self examination of safe computing practices.

HTH

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: shtyle.fm Virus, Worm or Trojan Horse?

On Fri, 19 Jun 2009 20:56:07 -0700, 1PW wrote:


Again, he didn't _give_ my email address to anyone . . . .

Something wicked obviously went trawling through his email program's email
database.

What that something was is still unclear-- he's got some people looking at
it, but I haven't heard what the diagnosis on the spot is.

And the gleeful sending out of invitations to shtyle.fm is downright
weird, although I see that they have at least some rep for spamming if no
worse already.


Starting with switching from Windows, yes.

But let's not get into that.

--  
 
Kill. Kill! KILL!

< comp.os.linux.misc


Re: shtyle.fm Virus, Worm or Trojan Horse?

mimus thought it would be fun to share this little ditty with the
class:

Send this to him (it will keep him busy for a while anyway)

***************begin canned response*******************

What I use to clean and maintain Windows -

Windows Update (free)
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

Secunia Online Software Inspector (free)
http://secunia.com/vulnerability_scanning/online/

AntiVir (free version)
http://www.free-av.com/

ThreatFire (free)
http://www.threatfire.com/download/

Windows Defender (free)
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
for w2k users, see instructions here:
http://www.compatdb.org/support/topics/175747_windows_defender_windows_2000.html

SUPERAntiSpyware (free version)
http://www.superantispyware.com/download.html
If you can't download def. files you can get them here:
http://www.superantispyware.com/definitions.html

Malwarebytes' Anti-Malware (free version)
http://www.malwarebytes.org/index.php
If you can't download def. files, you can get them here:
http://www.malwarebytes.org/mbam.php

SpywareBlaster (free)
http://www.javacoolsoftware.com/spywareblaster.html

Windows Firewall (free)- w2k users can get sygate (old free version)
http://www.oldversion.com/program.php?n=sygate

Firefox with AdBlock/NoScript/WOT installed (free), set to 'default' browser
http://en-us.www.mozilla.com/en-US/firefox/

AdBlock  https://addons.mozilla.org/en-US/firefox/addon/1865

NoScript https://addons.mozilla.org/en-US/firefox/addon/722

WOT      https://addons.mozilla.org/en-US/firefox/search?q=WOT&cat=all

MVPS Hosts file (free)
http://www.mvps.org/winhelp2002/hosts.htm

Thunderbird for e-mail (free), set to 'default' e-mail
http://www.mozilla.com/en-US/thunderbird/

Turn off un-needed Windows Services
http://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp

Update Java (free), delete old versions before updating
http://www.java.com/en/download/index.jsp

Buy a router w/built-in firewall (under $50)

More things to help keep your system lean and mean

Decrapify your PC (free)
http://pcdecrapifier.com/download

Remove Adobe Acrobat Reader and use PDF-XChange Viewer (free)
http://www.docu-track.com/home/prod_user/PDF-XChange_Tools/pdfx_viewer

CrapCleaner (free)
http://www.ccleaner.com/

JKDefrag (free)
http://www.kessels.com/Jkdefrag/

***************end canned response********************
--
Virus Removal http://max.shplink.com/removal.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically set up for use in USENET.
Feel free to use it yourself.

Re: shtyle.fm Virus, Worm or Trojan Horse?

On Fri, 19 Jun 2009 23:20:06 -0400, mimus wrote:


OK, what I am seeing is that shtyle.fm asks for (a) Orkut users to enter
their Orkut passwords and (b) Hotmail users to enter their Hotmail
passwords in order to log into shtyle.fm itself, and then apparently uses
those passwords to loot contact lists, and while my acquaintance is on
AOL, I'm beginning to wonder if he didn't fall for a shtyle.fm email and
enter his AOL password there and get his AOL contact list (I presume AOL
has one) looted.

In short, it's starting to look more like a sustained campaign of phishing
(if that's not a misuse of the term) by shtyle.fm.

--

The best piece of logic I ever heard, Mr Larynx; the very best,
I assure you.

< _Nightmare Abbey_



Re: shtyle.fm Virus, Worm or Trojan Horse?


http://answers.yahoo.com/question/index?qid=20090106174857AAu6mIS

[...]



Re: shtyle.fm Virus, Worm or Trojan Horse?

On Sat, 20 Jun 2009 07:34:13 -0400, FromTheRafters wrote:


Yep, these too:

http://markmail.org/message/k7cav3l3gg7xnqwa

http://www.mail-archive.com/alpha-n-crazy@googlegroups.com/msg00165.html

http://www.omnitechsupport.com/forum/topic/776/dear-support-team-please-advise-how-can-i-change/

They're apparently asking people to register under their web-mail
addresses _and web-mail passwords_ (Google/Orkut, Hotmail, and in the case
brought to my attention apparently AOL), and then looting people's
accounts for email-addresses.

Hmmm.

--

There's no point in gilding this age.


Re: shtyle.fm Virus, Worm or Trojan Horse?




It's a kind of virus. I was facing the same issue when I started using
Norton anti-virus it got fixed.


--
salsan
------------------------------------------------------------------------
salsan's Profile: http://forums.techarena.in/members/183593.htm
View this thread: http://forums.techarena.in/antivirus-software/1200607.htm

http://forums.techarena.in


Re: shtyle.fm Virus, Worm or Trojan Horse?





| Its a kind of virus. I was facing the same issue when i started using
| norton anti-virus it got fixed.

No it isn't and stop using the Leech of Usenet, techarena.in, and maybe
you'll learn something.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: shtyle.fm Virus, Worm or Trojan Horse?




It may sound illogical, but the fact that an "antivirus" removed it does
not necessarily mean it was actually a virus.

Even if the antivirus program itself stated "Virus Found" it is no
guarantee that it was actually a virus.

Even if several antimalware sites' write-ups say it is...it might not
be.

That, and what David said.



Re: shtyle.fm Virus, Worm or Trojan Horse?





A virus is a specific kind of infection.  I don't see many viruses and I
troubleshoot malware fulltime.  A virus is a piece of code that lodges on
your computer where it makes a duplicate of itself and sends itself on to
another computer, usually by email.  At the next computer it does the same
thing.  

Viruses are less efficient these days than trojans.  A trojan is a program
that makes you believe it's something else.  One of the most notorious trojans
is "Antivirus 2010" which makes you think it's a helpful program, when it does
exactly what you don't want it to do.  

Trojans are more efficient because they can reside on a website where they get
indexed by Google, and the unsuspecting user accidentally downloads it and
infects their computer.  All the heavy lifting is done by Google.  

A classic example of a trojan attack was the famous Sarah Palin video in which
she "pardons" a Thanksgiving turkey while a guy standing behind her is killing
dozens of turkeys.  A Google search of "Palin" and "turkey" turned up some
websites that purported to have the video.  When you got to the website it
looked like the blurry image of a video that was ready to play, you know the
kind with a right arrow over the top.  If you clicked the image, a message
would pop up saying that you needed the latest version of a video viewer to
see the video.  Once you clicked OK to install the "viewer" you were infected
by a trojan.  There never was any viewer.  It was a rogue website designed to
get you to install malware on your computer.  


Re: shtyle.fm Virus, Worm or Trojan Horse?



@yahoo.com says...

That would be a worm. Viruses are code that attach themselves to
existing files and replicate.

Re: shtyle.fm Virus, Worm or Trojan Horse?






| A virus is a specific kind of infection.  I don't see many viruses and I
| troubleshoot malware fulltime.  A virus is a piece of code that lodges on
| your computer where it makes a duplicate of itself and sends itself on to
| another computer, usually by email.  At the next computer it does the same
| thing.


Parite and Virut are still seen, but in relatively low percentages.  They
don't just lodge onto your computer.  That's kinda simplistic.  File
infectors can append, prepend or insert their code into other executables.
They are in turn infected and can do likewise, spreading the infection.  A
worm can use network protocols to spread, which can be: RPC, SMB, SMTP,
NNTP, etc. or even the AutoPlay/AutoRun facility.


| Viruses are less efficient these days than trojans.  A trojan is a program
| that makes you believe it's something else.  One of the most notorious trojans
| is "Antivirus 2010" which makes you think it's a helpful program, when it does
| exactly what you don't want it to do.

Efficient is the wrong terminology.  Prevalent is better.  Viruses are less
prevalent these days.  But that is the file infecting kind.  If you take
into account AutoRun worms then the prevalence is much higher.

Trojans account for most of the malware seen.  They can have the same payload
as a virus but do not self replicate and need intervention or assistance to
spread.  They can also append, prepend or insert their code into other
executables.  Often called trojanizing.  However the file that's been
modified does not infect other files and spread the infection.


| Trojans are more efficient because they can reside on a
| website where they get indexed by Google, and the unsuspecting user
| accidentally downloads it and infects their computer.  All the heavy
| lifting is done by Google.

That can be done with viruses just as easily.  For example a Zapchest.


| A classic example of a trojan attack was the famous Sarah Palin video in which
| she "pardons" a Thanksgiving turkey while a guy standing behind her is killing
| dozens of  turkeys.  A Google search of "Palin" and "turkey" turned up some
| websites that purported to have the video.  When you got to the website it
| looked like the blurry image of a video that was ready to play, you know the
| kind with a right arrow over the top.  If you clicked the image, a message
| would pop up saying that you needed the latest version of a video viewer to
| see the video.  Once you clicked OK to install the "viewer" you were infected
| by a trojan.  There never was any viewer.  It was a rogue website designed to
| get you to install malware on your computer.

Bad terminology again.  You mean something more like "A classic example of a
trojan ploy".  It isn't an "attack".  To attack means it takes its own action
and it is aggressive.

What you describe is a classic Social Engineering ploy.  Use a common subject
of interest and proclaim a video and to view the video you need a player or
codec.  That player or codec is the trojan.  The Zlob trojan was famous for
its use of this tactic.

Take any beautiful woman and you have a male desire to see her and that will
drive this big time.  Yesterday I downloaded a 10MB multi-part Usenet binary
purported to be of Anna Kournikova.  There were a dozen or so JPEGS and two
EXE files...
anna721600x1200.src.exe ~904K
anna871600x1200.src.exe ~1.03MB

These trojans are more sophisticated.  They are VMWare (VirtualBox,
VirtualPC) and AntiVir aware and so far seem to me Instant Messaging password
stealers.

The important thing here is you have malware as a top level subject.  Malware
can be broken down into two basic sub-types, viruses and trojans.  Viruses
(and this has some acceptance and non-acceptance) can be broken down into a
few subtypes that include worms, file infectors and disk infectors.  Trojans
can be broken down into a very broad number of sub-types: RATS, BHOs,
Dialers, Backdoors, data and password stealers, adware, spyware, etc.





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: shtyle.fm Virus, Worm or Trojan Horse?




That is more a description of worm behavior (but some will say "all
worms are viruses"). Some will say it is a virus (not a worm) because it
requires the user's cooperation (the replicant's running not
programmatically determined by the parent). Some will say it is a worm
(not a virus) because it does not infect programs.


In a sense, a virally infected program is a trojan. If a particular
child instance is unable to infect programs, but can still trigger the
payload, it is a trojan (Epeian Virus).


A program that does some unwanted thing instead of, or in addition to
what the user wanted. It is subjective. If it replicates, it is more
important to term it a virus and leave the non-replicating types as
trojans. So, trojans don't replicate (if they do they're termed viruses
instead).

[...]


