[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What is this

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] What is this
From: trains@xxxxxxxxxxxxxx
Date: Mon, 8 Aug 2005 13:39:01 -0500

Quoting Armando Rogerio Brandão Guimaraes Junior <arjunior@xxxxxxxxxxxx>:

Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
AntiVirus and SpyBot doesn´t detect!!!

Armando Guimarães Jr

It is an MS-EXE executable program. Anti virus doesn't find it because it is not an virus. Spybot for the same reason. To block these you need an smtp policy that does not allow executable attachments to incoming emails.

"What it does" could be anything from typing "hello world" in a dialog box (unlikely) to creating a new Administrator account on your corporate AD server and posting the entire contents thereof to an IRC channel (somewhat more likely). But at first glance it looks like it is going to open a backdoor shell on the recipient's PC.

tc

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] What is this
  - From: Michael Hale
- RE: [Full-disclosure] What is this
  - From: Peter Kruse

References:
- [Full-disclosure] What is this
  - From: Armando Rogerio Brandão Guimaraes Junior

Prev by Date: [Full-disclosure] Port scanner for Windows CE
Next by Date: Re: [Full-disclosure] What is this
Previous by thread: [Full-disclosure] What is this
Next by thread: Re: [Full-disclosure] What is this
Index(es):
- Date
- Thread