Both domains, 0085.com and lookfor.cc are included in Eric Howes' IE-SPYAD block list, and most likely hpHOSTS file and MVP Hosts file, but I'll check on the hosts files.

http://www.spywarewarrior.com/ui...uc/ resource.htm

http://www.hosts-file.net/downloads.html

http://www.mvps.org/winhelp2002/...p2002/ hosts.htm
suzi | Homepage | 02.02.06 - 8:55 pm | #

Cheers adam, good tip!
Zina | 02.03.06 - 12:03 pm | #

I think Kaspersky Labs now detect this as Exploit.Win32.WMA.a.
TonyW | 02.03.06 - 9:13 pm | #

Jesus, CWS again, and again, and again. This network seems to grow bigger every day. What are exactly the authorities waiting for? Oh, yeah, I see, they are busy tracking down teenagers who download mp3s.

wintard: "What happen?"
technician: "Somebody set up you the bomb."
user: "We get popup."
wintard: "What!"
user: "Home page turn on."
wintard: "It's YOU!!"
CWS: "How are you gentlemen!!"
CWS: "All your base system are belong to us."
CWS: "You are on the way to infection.
wintard: What you say!!"
CWS: "You have no chance to clean make your time."
CWS: "HA HA HA HA..."
TNT | 02.05.06 - 1:23 pm | #

Any word on whether or not this affects Winamp 2.95? I (and many others, I'm sure) can't stand the bloated 5.x releases, and am sticking with the 2.x versions for now.
Anon | 02.06.06 - 11:40 am | #

Anon--

From my testing, version 2.95 is NOT affected.
Adam Thomas | Homepage | 02.06.06 - 3:44 pm | #