Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: New Virus under way ...
From: David Schultz <evil_genius () mac com>
Date: Fri, 19 Mar 2004 11:48:57 -0500

On 3/18/04 11:24 AM, "full-disclosure-request () lists netsys com"
<full-disclosure-request () lists netsys com> wrote:

Message: 2
got a strange Mail 2day:

Subject: RE: Protected message
From: 20030814171411.10246.qmail () www securityfoc

link to virus is ...
http://221.153.61.232:81/100721.php

Host is in Korea, abuse warning has been sent.

can anyone verify what kind of malware that is ?

Helmut


The php script has a download link from the same web server. The linked file
is a jpg that has what norton corporate version 8.00.9374 calls
bloodhound.packed (defs are 3/10/04 rev 5)

DVS
-- 
"If you want to eat hippopotamus, you've got to pay the freight."
-attributed to an IBM guy, about why IBM software uses so much memory


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]