[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
- To: "Jan Nielsen" <jan@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 11:29:27 -0500
That is very possible, but a "update" would have to be made to the bot
client to get this webserver on the box with a phishing site. So why not
just wait and do the DNS poison when the website is up and working,
instead of before...this just tells people that something is wrong.
It doesn't help the worm, it is just leftover junk from the Mytob - as
Joe pointed out.
-Todd
________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Jan
Nielsen
Sent: Monday, August 15, 2005 11:14 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
Perhaps the next phase of the virus is a phishing attack to get
people to go to a local webserver initiated by the virus to capture
login/credentials from those site ?
Jan
-----Original Message-----
From: Andrew Smith [mailto:andrew.rse@xxxxxxxxx]
Sent: 15. august 2005 17:27
To: Mike
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
Can anyone explain why this virus chooses to block ebay, amazon
and paypal?
This seems foolish if the intention is to remain on the
compromised host un-noticed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/