At 4:09 PM +0200 10/21/09, Rasmus Haslund wrote:
Hi,From Microsoft Update Center / <mailto:noreply@xxxxxxxxxxxxx>noreply@xxxxxxxxxxxxxIt is linking to <http://update.microsoft.com.looolokr.co.uk/microsoftofficeupdate/KB910737/default.aspx/?ln=en-us&email=someone@xxxxxxxxxxxx&id=361689542175723843575110591518774>http://update.microsoft.com.looolokr dot co.uk/microsoftofficeupdate slash KB910737/default.aspx/?ln=en-us&email=someone@xxxxxxxxxxxx&id=361689542175723843575110591518774Unfortunately I dont have the ability to provide a sample currently.
Thanks, RasmusAm pushing out new sigs now. I also snagged a copy of the payload from another source. Only 6 at virus total detecting.
Tom