A new trojan is circulating as a Messenger Plus! Plugin


A new trojan is circulating as a Messenger Plus! Plugin by illuzn on 06-13-2004 at 04:34 PM

[Quote=Messenger Plus! Zone]
http://www.msgpluszone.com/
SECURITY ALERT!
A new trojan is circulating as a Messenger Plus! Plugin, Full details below.

Report: On 6/11/04 at around 6:30PM Eastern Standard Time, Messenger Plus! Zone obtained a copy of a file ("SWMPplugin.exe") that is known as Backdoor.Prorat (Symantec). The trojan was circulated as a Messenger Plus! Plugin that adds new sounds, and after receiving this file it was processed and scanned and it is a dangerous backdoor. The Trojan can allow a hacker to gain complete control of your computer. The trojan HAS been reported to Patchou.



Just look out for this trojan and remember it may be renamed under a different name.

RE: A new trojan is circulating as a Messenger Plus! Plugin by Phrive on 06-14-2004 at 07:02 AM

what did it say this plugin did, and was it posted here on these forums?


RE: A new trojan is circulating as a Messenger Plus! Plugin by Stigmata on 06-14-2004 at 10:55 AM

hmmmmmmmmmmmm could this be more childish behavior from dane????


RE: A new trojan is circulating as a Messenger Plus! Plugin by Mike on 06-14-2004 at 11:41 AM

quote:
Originally posted by TheBlasphemer
quote:
Originally posted by jackass_wanabe
hmmmmmmmmmmmm could this be more childish behavior from dane????

I had the same idea...
If Symantec recognized it, it has been around for a while.
There is no possibility of modifying an existing trojan and turning it into a Plus! plugin...
Well...
You could put the trojan as resource inside the plugin and then on the initialize function, extract the trojan from the resource and then run it... :-/

RE: A new trojan is circulating as a Messenger Plus! Plugin by Mnjul on 06-14-2004 at 11:50 AM

I think DJM meant "to modify a trojan's executable file".

Well, I agree with DJM in this aspect, it's nearly impossible to modify an executable file and add such function entries in it.

According to Neowin news post/comments, the file is not a Plus! plugin at all - it's just being claimed to be a Plus! plugin.


RE: A new trojan is circulating as a Messenger Plus! Plugin by Millenium_edition on 06-14-2004 at 12:34 PM

quote:
Originally posted by Mnjul
Well, I agree with DJM in this aspect, it's nearly impossible to modify an executable file and add such function entries in it.
if you can code a little that's not hard at all. well at least you don't "modify" it, but you create a copy of it, but with a file included. never heard of EXE binders ;) ?

RE: A new trojan is circulating as a Messenger Plus! Plugin by edkwh on 06-14-2004 at 09:45 PM

Yeap, just bind a valid setup EXE with the trojan executable, and voila! Haha, you have your plugin working perfectly with the trojan silently!
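
A defensive triage check for the binder idea raised in the posts above, added here as an example that is not part of the original thread: it scans a file's bytes for a second PE image carried inside the first. The function names and the sample bytes are constructed for illustration, and the `e_lfanew` bounds are a heuristic assumption.

```python
import struct

PE_SIG = b"PE\x00\x00"

def make_stub_pe(payload: bytes = b"") -> bytes:
    """Constructed, non-executable bytes with just enough DOS/PE header to be recognised."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: offset of the PE signature
    return bytes(dos) + PE_SIG + b"\x00" * 20 + payload

def find_pe_images(data: bytes) -> list[int]:
    """Offsets where an 'MZ' header points at a valid 'PE\\0\\0' signature."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            # Heuristic bounds (assumption): signature follows the DOS header closely.
            if 0x40 <= e_lfanew < 0x10000 and data[sig:sig + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def embedded_pe_offsets(data: bytes) -> list[int]:
    """PE images found anywhere other than offset 0, i.e. carried inside the file."""
    return [off for off in find_pe_images(data) if off != 0]

if __name__ == "__main__":
    clean = make_stub_pe(b"sound data " * 10)          # constructed sample
    bound = make_stub_pe(b"RSRC" + make_stub_pe())     # constructed sample with inner image
    for name, blob in (("clean", clean), ("bound", bound)):
        offs = embedded_pe_offsets(blob)
        print(name, "embedded PE at", [hex(o) for o in offs] if offs else "none")
```

A payload stored compressed or encrypted will not match, and legitimate installers also carry inner executables, so a hit is a reason to inspect the file further rather than a verdict.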


RE: A new trojan is circulating as a Messenger Plus! Plugin by frankiedaman on 06-14-2004 at 09:45 PM

I was shocked to hear that a deadly trojan was circulating as a Messenger Plus! plugin. Will those hackers ever stop playing hell with us all? :@

I found this link which shows a screenshot of the client side of the deadly trojan (the part the hacker uses to cause havoc). Looks to me like the hacker can do some pretty evil stuff to your PC behind your back.

http://www.megasecurity.org/trojans/p/prorat/Prorat1.8.html

and No, you can't download the trojan off the site, it's a screenshot only.

Makes you think really how sad hackers really are, don't ya think...


RE: A new trojan is circulating as a Messenger Plus! Plugin by EZTripps on 06-16-2004 at 07:01 AM

I used to do stuff like that a few years ago.. With friends though... Then I would like give them popups with 'Why hello there', or start a Matrix chatscreen... It was funny. I got a warning from my ISP, so I had to stop, it was fun playing around with mates... as long as you don't break anything... They knew about it though, so it was different...
But is it or is it not a MsgPlus plugin?


RE: A new trojan is circulating as a Messenger Plus! Plugin by Millenium_edition on 06-16-2004 at 10:09 AM

it's NOT a msgplus plugin. if it was, you'd see it directly (in the plugin menu).


RE: A new trojan is circulating as a Messenger Plus! Plugin by Millenium_edition on 06-16-2004 at 11:44 AM

correct me if i'm wrong, but writing an activeX exe makes your plugin exe, and if you add the reg keys to the class of your exe ("MyActiveXExe.MyPluginClass"), it should work.


RE: A new trojan is circulating as a Messenger Plus! Plugin by Dane on 06-25-2004 at 07:03 AM

To clarify some things, first, yes, I own the site the Security Alert appeared on. No, I didn't put up a fake alert to scare people.

A contact on my list submitted the file to me (unaware it was a virus), he said his friend got it from a website claiming it added tons of sounds to MSN Messenger.  The "plugin" is just that, not a plugin at all.

I have been unable to find this plugin in the wild, so it's basically a "Zoo" virus.

I hope that cleared some things up, also, the security alert has been lifted due to the fact that I cannot confirm it is in the wild anymore.


RE: A new trojan is circulating as a Messenger Plus! Plugin by CookieRevised on 06-25-2004 at 07:42 AM

quote:
Originally posted by eXoenDo
A contact on my list submitted the file to me (unaware it was a virus), he said his friend got it from a website claiming it added tons of sounds to MSN Messenger.  The "plugin" is just that, not a plugin at all.

I have been unable to find this plugin in the wild, so it's basically a "Zoo" virus.
Don't use fancy words if you can't back it up with evidence!

You don't have the means to search for "wild" viruses, so don't say it is or isn't "wild". Furthermore, if it can be downloaded on a public site, chances are that it is spreading...

Also, the words wild-virus and zoo-virus don't exist! Every virus is "wild". There isn't such a thing as a zoo-virus. Wild is a term that indicates the spread-rate of a virus...

Furthermore, only virus companies have the means to estimate the spreading of viruses (and even they fail to do a proper estimate sometimes) and thus can give a proper value to the wild-term.

Also, you said in the report that it was a Messenger Plus! plugin, now you're saying it is an addon for MSN Messenger? :dodgy: ....

RE: A new trojan is circulating as a Messenger Plus! Plugin by Varish on 06-25-2004 at 08:06 AM

[Image: misc11.jpg]

Patchou said it only makes it worse to talk about it. :D


RE: A new trojan is circulating as a Messenger Plus! Plugin by Dane on 06-25-2004 at 09:20 PM

quote:
Originally posted by CookieRevised
quote:
Originally posted by eXoenDo
A contact on my list submitted the file to me (unaware it was a virus), he said his friend got it from a website claiming it added tons of sounds to MSN Messenger.  The "plugin" is just that, not a plugin at all.

I have been unable to find this plugin in the wild, so it's basically a "Zoo" virus.
Don't use fancy words if you can't back it up with evidence!

You don't have the means to search for "wild" viruses, so don't say it is or isn't "wild". Furthermore, if it can be downloaded on a public site, chances are that it is spreading...

Also, the words wild-virus and zoo-virus don't exist! Every virus is "wild". There isn't such a thing as a zoo-virus. Wild is a term that indicates the spread-rate of a virus...

Furthermore, only virus companies have the means to estimate the spreading of viruses (and even they fail to do a proper estimate sometimes) and thus can give a proper value to the wild-term.

Also, you said in the report that it was a Messenger Plus! plugin, now you're saying it is an addon for MSN Messenger? :dodgy: ....
The term "Zoo Virus" (by Symantec's definition, which is what I am using) refers to a virus that is only in AntiVirus Laboratories and not in the wild.

The term "Wild Virus" (by Symantec's definition, which is what I am using) refers to a virus that IS active for public download on a site.

The way I tried discovering the virus was doing a search for the filename of the plugin (SWMPPlugin) and clicking any links related to that. This is DEFINITELY NOT the conventional way to do it but it's the only way I can see. The reason I refer to it as a Zoo Virus after that is I couldn't find a public linking on any websites to the file, although this definitely does not mean it is gone for sure, I think it'd be really hard to find unless you were looking for it.

:), just to clear that bit up.