Could be a local trojan inserting bogus entries on the hosts file, could be DNS poisoning on one particular resolver, or an infection on the distribution source.
Rubens
On Sun, Apr 19, 2009 at 5:55 PM, Mari Nichols <mari@imarsolutions.com> wrote:
I believe the file is originating directly from Skype. Our writer stated that he had tried download.com's version and it was clean against VT. I'm on ISC handler duty today, just wondering if anyone had seen this happening.
Mari Nichols HoD
________________________________
From: Paul Ferguson <fergdawgster@gmail.com>
To: Mari Nichols <mari@imarsolutions.com>
Sent: Sunday, April 19, 2009 4:31:06 PM
Subject: Re: SkypeSetup Rogue Download
On Sun, Apr 19, 2009 at 12:55 PM, Mari Nichols <mari@imarsolutions.com> wrote:
Has anyone seen anything like this?
http://www.virustotal.com/analisis/f58203f8d5cb98628eaa785e27c9e059
Hi,
Could you provide the URL where that file is located?
Thanks,
- - ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/