Just had a chance to read those links - interesting to note that according to CA this variant is classified as newly discovered and it looks like you were perhaps one of the first to be infected.
31 May 2007 Win32/SillyDl.CVC
Also known as: W32/Downloader2.EKK (exact) (F-Secure), Trojan-Downloader.Win32.Small.eqz (Kaspersky), TROJ_TrojanDownloader:Win32/Small!78BF (MS OneCare), TROJ_Downloader (Symantec), TROJ_Mal/Basine-C (Sophos), TROJ_DLOADER.NMD (Trend)
Since they are reporting 31st of May, that's probably the reason why we couldn't find anything when we both tried looking yesterday morning, as it probably hadn't yet been indexed by the search engines.
Some of the AV/security sites only started reporting and implementing patches/removal instructions as from yesterday.
Out of curiosity I just googled again just now using the same keywords and the CA link is now there.
What I did however find highly amusing was that if you do a Google search today on "Agent-BHA", look what's at the top of the list, whilst the CA one is 5th down.
---------------------
What I do find disturbing is the fact that you picked this up by following a link from The Register. Did you try following a link to the Independent website?
Judging from the time of the report on The Register, and the time on your dump file, then it looks like you tried to access the site whilst it was still having problems.. and therefore could perhaps have been inadvertently hosting the virus on the web-server??
Win32/SillyDl variants may be installed via Internet Explorer exploits when users visit malicious web pages; other trojan downloaders or components; or they may be packaged with software that the user has chosen to install.
An alarming number of big name servers seemed to have been "hacked" over the past couple of weeks. Some of the names involved have stated openly that exploits have been deposited.. some have said nothing or little about the incidents.
Some of the companies involved with site problems/hacking in the past week or so have been:
AbbeyNat (problems), Plusnet webmail (compromised), Telegraph, Mirror (hacked), Independent (they ain't saying).
--------------
Some trojans do hide themselves in valid Windows files (or a url in the case of key-clickers which they write to say the host file).
It does seem that using hacked or rogue websites to deposit downloaders/key loggers on users' machines right now is in vogue.
It's also vital to make sure that you have installed all the latest Windows updates.
Som's explanation sounds likely, but IMHO it was just "that file" it picked.. it could have been any Windows file.
For you in a way it was quite lucky - because .dmp files aren't necessary and if you read between the lines of my posts yesterday, I was trying to say yeah they are safe to delete 'cause you don't really need them - without having any recourse on myself if things went belly-up.. :/