
Saturday, 20 December 2008

"Classmates Info Center": Currently planning the 2009 Year Reunion

There's a fake "Classmates" email being spammed out that leads to a fake video, which needs a fake "Adoble Media Player" called Adobe_Player10.exe. As you would probably guess, at the end of all this fakery is a nasty trojan.



Subject: Currently planning the 2009 Year Reunion
From: "Classmates Info Center" personalvideo@classmates.com

Your Classmates Events: Reunion January 16th 2009

" With pride and joy we invite you to share a special day in our lives and join us
for the Class Reunion on Friday, January 16th 2009.
Bring the gang from Our High School back together again!
Great party - from start to finish! "

Proceed to view details:

http://video.classmates.logon.user-gandy3ts0.updateyourplayer.com/messages.htm?/identification/INVITATION=vvffx2dckssqnle



Your favorite people are already here, so use Classmates™ to bring them together.

With best regards, Josh Jacobson. Customer Service Department.
Copyright 1995-2008 Classmates Online, Inc. All Rights Reserved.




The landing page looks like this:


Detection rates are poor according to VirusTotal. ThreatExpert's report is right here. It installs a rootkit and does all sorts of nasty things. Avoid.
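A mail-filter check for the mismatch visible in this sample: the From address claims classmates.com, but the link sits under updateyourplayer.com with the brand name used only as a subdomain label. This is an added example, not code from the original post; the function names, the angle brackets around the sender address and the two-label domain rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sample message: headers and link copied from the post above, body shortened.
# Angle brackets around the address are added here (assumption) so it parses.
SAMPLE = '''\
Subject: Currently planning the 2009 Year Reunion
From: "Classmates Info Center" <personalvideo@classmates.com>

Proceed to view details:

http://video.classmates.logon.user-gandy3ts0.updateyourplayer.com/messages.htm?/identification/INVITATION=vvffx2dckssqnle
'''

URL_RE = re.compile(r'https?://[^\s<>"]+')

def registrable(host):
    # Assumption: naive "last two labels" rule. Use a Public Suffix List
    # library for real mail, since this is wrong for e.g. example.co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_links(raw):
    """Return (url, reason) for links that leave the From domain.

    Handles single-part text messages only (assumption for this example).
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_dom = registrable(sender.rpartition("@")[2])
    brand = sender_dom.split(".")[0]
    findings = []
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        link_dom = registrable(host)
        if link_dom == sender_dom:
            continue  # link stays on the sender's own domain
        if brand in host.split(".")[:-2]:
            reason = "brand '%s' used as subdomain of %s" % (brand, link_dom)
        else:
            reason = "link domain %s differs from sender %s" % (link_dom, sender_dom)
        findings.append((url, reason))
    return findings

if __name__ == "__main__":
    for url, reason in lookalike_links(SAMPLE):
        print(reason, "->", url)
```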

2 comments:

Unknown said...

I am retarded and fell for this virus on my company server... oh man. Anyways, nothing is out there to remove it and I'm pretty worried. Any thoughts? Jerry

Conrad Longmore said...

Perhaps boot into the recovery console or safe mode and manually remove the files listed in the ThreatExpert report. I've not had to disinfect this one, not sure what will work.