Full Disclosure mailing list archives

Re: media-motor.net
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 15 Nov 2004 13:27:59 -0800

file is an MSVB exe, here are some fun strings from the binary...
( spyware, but not a trojan )

http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
  phases
  sewers
  outers
c:\asdf.txt
randomdll
mydll
randomocx
 \regsvr32 /s 
 randomexe
myexe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  uinstaller
  unstall.exe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
  DisplayName
  Media-motor
\unstall.exe
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
 \tempf2.txt
&what=dupinstall&aff=

anyone familiar with this group (media-motor.net/Roings.com) ? they
seem to be sending downloader.trojan files to unsuspecting people
using everyone.net webmail accounts.
http://mmm.media-motor.net/soft/default.exe
the webmail i discovered it on was from sunguru.com

tries to download that file every time i log in or log out.?
probably using IE huh?????

fun stuff,
m.w

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
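
The strings quoted in the message above can be sorted into behaviour categories for a quick static triage. This is an added example, not part of the original post; the category names, regexes and function names are assumptions made here, and a match only indicates what the binary may do.

```python
import re
from urllib.parse import urlsplit

# Subset of the strings quoted in the post, embedded so the example runs offline.
SAMPLE_STRINGS = r"""
http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
c:\asdf.txt
 \regsvr32 /s 
 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
\unstall.exe
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
&what=dupinstall&aff=
""".splitlines()

# Hypothetical triage rules: category name -> pattern over one extracted string.
RULES = {
    "network_endpoint": re.compile(r"^https?://", re.I),
    "autorun_persistence": re.compile(r"\\CurrentVersion\\Run$", re.I),
    "uninstall_entry": re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
    "silent_com_registration": re.compile(r"regsvr32\s+/s\b", re.I),
    "install_telemetry": re.compile(r"[?&]what=(new|dup)install", re.I),
    "local_file": re.compile(
        r"^(?:[a-z]:)?\\[^\\/:?*]+\.(?:exe|ini|txt|dll|ocx)$", re.I),
}

def triage(strings):
    """Return {category: [matching strings]}; one string may hit several rules."""
    hits = {name: [] for name in RULES}
    for raw in strings:
        s = raw.strip()
        if not s:
            continue
        for name, rx in RULES.items():
            if rx.search(s):
                hits[name].append(s)
    return hits

def contacted_hosts(strings):
    """Sorted unique hostnames from the URL strings, for proxy/DNS log searches."""
    urls = (s.strip() for s in strings if RULES["network_endpoint"].search(s.strip()))
    return sorted({urlsplit(u).hostname for u in urls})

if __name__ == "__main__":
    for category, found in triage(SAMPLE_STRINGS).items():
        print(f"{category}: {found}")
    print("hosts:", contacted_hosts(SAMPLE_STRINGS))
```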

