Possible New MSN Virus/Trojan/Phishing Attempt

In the middle of a conversation with someone on MSN Live Messenger just now, I got the following URL as a line of text (literally in the middle of the conversation, so the other party had just said something and then this appeared):

NOTE – DO NOT CLICK THIS LINK OR DOWNLOAD THIS FILE:

http://194.0.252.210/SMSZilla.exe

I checked with the other party and they informed me they did not type that and had no idea what it was. Normally in this situation I assume their system is infected, trojaned or otherwise backdoored – although this is a brand new install of Windows less than a few hours old and with very little software installed, so it would be odd.

AVG doesn’t think this SMSZilla.exe file is anything weird (yet). I can’t find its md5 hash anywhere ( 37f13208d63710f88ec66ae0ca2c2c82 ) either.

Edit: after some more testing I saw it again – it actually takes something the other person says and converts their message into this URL (so obviously you never get their original message, just this converted one).

Update: A few hours later the message has changed and it is now sending the following URL:

http://smsfree.us/SMSZilla.Full.exe

The file is different too, the new md5 hash is 211bc2e12563efc7ddc8b04f233da3c9.

This post exists just in case anyone else is searching for the file or hash.

Leave a Reply

Your email address will not be published. Required fields are marked *