In the middle of a conversation with someone on MSN Live Messenger just now, I got the following URL as a line of text (literally in the middle of the conversation, so the other party had just said something and then this appeared):
NOTE – DO NOT CLICK THIS LINK OR DOWNLOAD THIS FILE:
http://194.0.252.210/SMSZilla.exe
I checked with the other party and they informed me they did not type that and had no idea what it was. Normally in this situation I assume their system is infected, trojaned or otherwise backdoored – although this is a brand new install of Windows less than a few hours old and with very little software installed, so it would be odd.
AVG doesn’t think this SMSZilla.exe file is anything weird (yet). I can’t find its md5 hash anywhere ( 37f13208d63710f88ec66ae0ca2c2c82 ) either.
Edit: after some more testing I saw it again – it actually takes something the other person says and converts their message into this URL (so obviously you never get their original message, just this converted one).
Update: A few hours later the message has changed and it is now sending the following URL:
http://smsfree.us/SMSZilla.Full.exe
The file is different too, the new md5 hash is 211bc2e12563efc7ddc8b04f233da3c9.
This post exists just in case anyone else is searching for the file or hash.