Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [ok] Possible Virus/Trojan
From: "Todd Towles" <toddtowles () brookshires com>
Date: Sun, 25 Jul 2004 22:05:46 -0500

It is a very smooth idea if it is a new e-mail worm. I haven't been able to
find any information from any AV companies on something like this. If it is
some kiddie trying to be smooth with me, this could be a new technique to
come.

-----Original Message-----
From: Andrew Farmer [mailto:andfarm () teknovis com] 
Sent: Sunday, July 25, 2004 6:06 PM
To: Curt Purdy
Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles'
Subject: Re: [ok] [Full-disclosure] Possible Virus/Trojan

On 25 Jul 2004, at 12:06, Curt Purdy wrote:
Todd Towles  wrote:
I received an e-mail today that looked very much like a virus. Here 
is the message

Attachment - erupts.avi.exe

Subject - New Southern California wildfire erupts

<snip>

Either this is a new Trojan that changes it body and subject based on 
the current  AP  news or someone used a very lame trick against me. 
=)

I'm guessing the latter.  Although story scraping would be possible,
intellegent naming of the .exe would not be.  Most likely a friend... 
or
enemy.

Sure it would be. In this case, at least, the executable is just named 
based on the last word of the headline plus ".avi.exe".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault