Welcome to the Gamebase 64 forums.                 An attempt to document ALL Commodore 64 gameware before it's too late!

GB64 Virus Alert

This is the place for your GB64.COM feature requests and bug submissions!

Moderator: Jimbo

davo
New Member
Location: Melb, Australia
Posts: 43
Joined: Fri Aug 18, 2006 3:37 pm

Thu Mar 24, 2011 8:31 am

Browsing the forums yesterday from my work computer saw my machine infected with a virus.

Here is a little info on it: it is called Pinkslipbot. It hit the wild on March 16.

The delivery method looks to have been via a specially crafted jpeg, probably one of the scene ads, which then redirects to a specially crafted pdf.

The virus does not become active until a reboot at which time it appears as

C:\Documents and Settings\user.name\Application Data\Orxu\evpun.exe\evpun.exe

I can't post images here, so I can't provide a clip of the path that led to the infection. Suffice to say it comes from here....

First 'http://dkrt.co.cc/games/liti.php ?f=16' to direct you to the pdf which causes the actual exploit...

'http://dkrt.co.cc/k.php?f=16&s=%84%B0%9 ... 0%90%90%90'

This is a classic spoofed address designed to take advantage of an exploit.

This is what it looks like when it first lands on your system, before the reboot...

File Name: WM_25315_info.exe
File Type: EXEW32
File Size: 141 KB

I may have some of the detail wrong, security is not my forte, I am just trying to relate my understanding of what the security guy at work has told me.
