Sweepstakes.com Questions


I've been seeing a LOT of posts in the Malware section about Sweepstakes.com.

Wondering--how does this cootie get on folks' computers? Is it something that is downloaded on purpose and folks don't realize it's a cootie? (I googled it and there is a sweepstakes.com site--no, I didn't click on it! :D ) Does it come attached with stuff downloaded from Kazaa etc, from infected webpages, email attachments?

And is there anything one can do to prevent their computers from catching this cootie?

Really just curious (and it will give me "educated ammo" to nag the kids with... ;) )

Thanks,

Liz


Hi Liz!

> I've been seeing a LOT of posts in the Malware section about Sweepstakes.com.

I was just thinking that today as well!

> Wondering--how does this cootie get on folks' computers? Is it something that is downloaded on purpose and folks don't realize it's a cootie? (I googled it and there is a sweepstakes.com site--no, I didn't click on it!) Does it come attached with stuff downloaded from Kazaa etc, from infected webpages, email attachments?

That I cannot answer; there isn't a lot of information on this infection. I spoke with some other HJT analyzers, and we agreed that the file ms2src.exe appears in almost all logs where people complain of Sweepstakes.com. Take a look at the BT logs that had that file. pumd.exe is less frequent, but also in many of the logs with the symptoms. pumd.exe has even less information about it. I can tell you Ms2src.exe is a Trojan.

> And is there anything one can do to prevent their computers from catching this cootie?

Keep practicing all the normal protection routines. Updated AV/Firewall. Don't go to Shady Sites. Open attachments that you trust only. etc. etc.

There was no info on any AV sites about those files, but that doesn't mean their definitions don't detect it. And if they don't, as this thing grows, they certainly will!

Matt
