Type Trojan
Aliases Trojan-Downloader.JS.Small.ag
JS/SillyDownloader.AA
Downloader-AGC
Trojan.Downloader.Mediatickets-1
Troj/Mediatic-B is a Java Script downloader/installer for MediaTickets adware.
Troj/Mediatic-B arrives by browsing web pages containing the Troj/Mediatic-B script or links to the Troj/Mediatic-B script.
Troj/Mediatic-B attempts to exploit the CODEBASE vulnerability associated with certain versions of Microsoft Internet Explorer to download files named MediaTicketsInstaller.cab and MediaTicket.exe from a remote location.
http://www.sophos.com/virusinfo/analyses/trojmediaticb.html
W32/Fanbot-C
Type Worm
W32/Fanbot-C is a email, network and P2P worm and IRC backdoor for the Windows
platform.
W32/Fanbot-C runs continuously in the background, providing a backdoor server
which allows a remote intruder to gain access and control over the computer via
IRC channels.
W32/Fanbot-C will spread via email attachments to email addresses harvested
from the infected computer with the following attributes:
Subject line:
*DETECTED* Online User Violation.
Email Account Suspension.
Hello. We're Skype and we've got something we would like to share with you.
Important Notification!
Members Support.
Notice of account limitation.
Security measures.
Share Skype.
Skype for Windows 1.4 - Have you got the new Skype?'
Warning Message: Your services near to be closed.
What is Skype?
Your Account is Suspended For Security Reasons.
Your Account is Suspended.
Message text:
Dear user <string>,
It has come to our attention that your <string> User Profile ( x ) records are
out of date. For further details see the attached document.
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>
Dear <string> Member,
We have temporarily suspended your email account <string>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due
to an internal error within our processors.
See the details to reactivate your <string> account.
Sincerely,The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>
Dear <string> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages
during the recent week. If you could please take 5-10 minutes out of your
online experience and confirm the attached document so you will not run into
any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your
membership.
Virtually yours,
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - www.<string>
Dear user <string>,
Skype is a little piece of software that lets you talk over the Internet to
anyone, anywhere for free.
And it just got even better download the latest version of Skype:
Our call quality is the best ever for talking, laughing and sharing stories.
You can forward calls on to mobiles, landlines and other Skype Names.
Make calls instantly from Outlook email or Internet Explorer with our new
toolbars.
Personalise your Skype play around with sounds, ringtones and pictures to show
the world who you are.
For further details see the attached document.
This message contains graphics. If you do not see the graphics, click here to
view.
c 2002-2005 by Skype Technologies S.A.
Legal information
In the above message bodies the <string> would be replaced by text extracted
from the harvested email addresses.
Attachments may have the following base filenames, usually with a zip extension.
account-details
account-info
account-report
document
email-details
important-details
readme
Share Skype
Skype-details
Skype-document
Skype-info
Skype-stuffs
Skype for Windows 1.4
W32/Fanbot-C also attempts to spread by exploiting the PNP (MS05-039)
vulnerability.
A patch for the operating system vulnerability exploited by W32/Fanbot-C is
available from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx
http://www.sophos.com/virusinfo/analyses/w32fanbotc.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic