Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included)
From: Valdis.Kletnieks () vt edu
Date: Tue, 24 Jan 2006 21:39:11 -0500

On Tue, 24 Jan 2006 23:49:03 +0100, "ad () heapoverflow com" said:
and if the worm doesnt use any vulnerability, how come it has been so
widely spreaded ?

It doesn't exploit a *software* vuln, but a *wetware* one...

http://www.f-secure.com/v-descs/nyxem_e.shtml says:

The worm sends itself as attachment in the infected e-mail. The e-mail subject can be one the following:

The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Fw: Picturs
Fw: DSC-00465.jpg
Word file
the file
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos

The message body may be one of the following:

Note: forwarded message attached.
Hot XXX Yahoo Groups
F*ckin Kama Sutra pics
ready to be F*CKED ;)
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
Please see the file.
forwarded message
----- forwarded message -----
i just any one see my photos. It's Free :)

how are you?
i send the details.
OK ?

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]