[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: New Virus under way ...

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Re: New Virus under way ...
From: David Schultz <evil_genius@xxxxxxx>
Date: Fri, 19 Mar 2004 11:48:57 -0500

On 3/18/04 11:24 AM, "full-disclosure-request@xxxxxxxxxxxxxxxx"
<full-disclosure-request@xxxxxxxxxxxxxxxx> wrote:

> Message: 2
> got a strange Mail 2day:
> 
> Subject: RE: Protected message
> From: 20030814171411.10246.qmail@xxxxxxxxxxxxxxx
> 
> link to virus is ...
> http://221.153.61.232:81/100721.php
> 
> Host is in Korea, abuse warning has been sent.
> 
> can anyone verify what kind of malware that is ?
> 
> Helmut

The php script has a download link from the same web server. The linked file
is a jpg that has what norton corporate version 8.00.9374 calls
bloodhound.packed (defs are 3/10/04 rev 5)

DVS
-- 
"If you want to eat hippopotamus, you've got to pay the freight."
-attributed to an IBM guy, about why IBM software uses so much memory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Administrivia (very OT, but should be addressed)
Next by Date: [Full-Disclosure] Broadcast client buffer-overflow in Terminator 3 1.0
Previous by thread: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1522 - 45 msgs
Next by thread: [Full-Disclosure] Broadcast client buffer-overflow in Terminator 3 1.0
Index(es):
- Date
- Thread