Bugtraq: Re: new WIN virus?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: new WIN virus?

From: Gregor Lawatscheck <gpel () mpex net>
Date: Fri, 30 Jan 2004 04:04:33 +0100

Atom 'Smasher' wrote:
[...]

the original spam, the page that it requests, and the suspicious "exe"
file:
        http://smasher.suspicious.org/tmp/live-virus.tgz

[...]

updatte.exe was tested on:
   yahoo-mail
   http://www.kaspersky.com/remoteviruschk.html
   http://www.dials.ru/english/www_av/
   http://www.rav.ro/scan/indexn.php
and they all reported that the file poses no threat. i suspect they're
wrong.

I've submitted this file to AVERT WebImmune ( https://www.webimmune.net) and they now detect it asa password phishing Trojan called "pws-polk". I've also sent a sample tonewvirus (at) kaspersky.com so they get a chance to update their signatures.


- Gregor

By Date By Thread

Current thread:

Re: new WIN virus? markus-1977 (Feb 02)
- <Possible follow-ups>
- Re: new WIN virus? pna.lists (Feb 02)
  - Re: new WIN virus? Atom 'Smasher' (Feb 02)
- Re: new WIN virus? Atom 'Smasher' (Feb 02)
- Re: new WIN virus? K-OTiK Security (Feb 02)
- Re: new WIN virus? Gregor Lawatscheck (Feb 02)