Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [ok] Possible Virus/Trojan
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 26 Jul 2004 14:03:38 -0500

I heard about a small thing going around about Bin Laden hanging himself and
some CNN reporters had pictures. But it was a virus. I didn't hear much
about it, maybe it is a small time thing and they are just picking people to
spread the virus around.

 

-----Original Message-----
From: Edward Ray [mailto:support () mmicman com] 
Sent: Monday, July 26, 2004 1:53 PM
To: 'Todd Towles'; 'Curt Purdy'; 'Mailing List - Full-Disclosure'
Subject: RE: [ok] [Full-disclosure] Possible Virus/Trojan

 

Got something similar to that a few days ago on another mailing list,
informing me Arnold Schwarzenegger hung himself last night.  the file was a
*.exe.html, or *.html.exe

 

  _____  

From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles
Sent: Sunday, July 25, 2004 8:03 PM
To: 'Curt Purdy'; 'Mailing List - Full-Disclosure'
Subject: RE: [ok] [Full-disclosure] Possible Virus/Trojan

I would say that the latter is the more likely, but the message came from a
hotmail account. Doesn't hotmail check attachments? I didn't look at the
headers really so spoofing is possible. I am getting a copy to a research
company so I can get some more answers maybe.

 

-----Original Message-----
From: Curt Purdy [mailto:purdy () tecman com] 
Sent: Sunday, July 25, 2004 2:07 PM
To: 'Todd Towles'; 'Mailing List - Full-Disclosure'
Subject: RE: [ok] [Full-disclosure] Possible Virus/Trojan

 

Todd Towles  wrote:

I received an e-mail today that looked very much like a virus. Here is the
message 



Attachment - erupts.avi.exe



Subject - New Southern California wildfire erupts

<snip> .



Either this is a new Trojan that changes it body and subject based on the
current  AP  news or someone used a very lame trick against me. =)  

 

I'm guessing the latter.  Although story scraping would be possible,
intellegent naming of the .exe would not be.  Most likely a friend... or
enemy.

 

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke 

 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]