Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Can Someone Tell Me What This Is?
From: "Very Unprivate" <very () unprivate com>
Date: Sat, 28 Jan 2006 21:08:01 +0100


  Hi, actually i have another question of a similar ballpark, so i can't
really answer your question, but did a virustotal scan on it anyway (got
the url from a previous fd post) so as not to post "empty handed".
  What i noted is this: I've been receiving emails on a few accounts
eversince a couple of days.. Their subject is
Hey, somebody! --where "somebody" is the user part of the email. But no
virus, no attached files, no body, no content.
The resemblence is only that like in your case, this is an email that
probably has a purpose that we don't know about :-)
  An idea for my own case: somebody bought /made some forwards with many
domains, and they check to see who responds to these, in order to make a
nifty low bounce rate spam list. What do you think?

Domains that were specified for a "sender" in the emails:
Workpermit.com, snowcrest.com, aada.com, novellus.com. All i could find
in my trash so far :)

For your masturbation-capable virus:

This is a report processed by VirusTotal on 01/28/2006 at 20:56:23 (CET)
after scanning the file "masttyc.exe" file.
Antivirus Version Update Result 
AntiVir 6.33.0.81 01.28.2006 no virus found 
Avast 4.6.695.0 01.27.2006 no virus found 
AVG 718 01.27.2006 no virus found 
Avira 6.33.0.81 01.27.2006 no virus found 
BitDefender 7.2 01.28.2006 no virus found 
CAT-QuickHeal 8.00 01.27.2006 no virus found 
ClamAV devel-20051123 01.28.2006 no virus found 
DrWeb 4.33 01.28.2006 no virus found 
eTrust-InoculateIT 23.71.62 01.28.2006 no virus found 
eTrust-Vet 12.4.2058 01.27.2006 no virus found 
Ewido 3.5 01.28.2006 no virus found 
Fortinet 2.54.0.0 01.28.2006 no virus found 
F-Prot 3.16c 01.28.2006 no virus found 
Ikarus 0.2.59.0 01.27.2006 no virus found 
Kaspersky 4.0.2.24 01.28.2006 no virus found 
McAfee 4684 01.27.2006 no virus found 
NOD32v2 1.1385 01.28.2006 no virus found 
Norman 5.70.10 01.27.2006 no virus found 
Panda 9.0.0.4 01.28.2006 no virus found 
Sophos 4.02.0 01.28.2006 no virus found 
Symantec 8.0 01.28.2006 no virus found 
TheHacker 5.9.3.082 01.27.2006 no virus found 
UNA 1.83 01.27.2006 no virus found 
VBA32 3.10.5 01.28.2006 no virus found 


Php0t


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of y0himba
Sent: Saturday, January 28, 2006 8:23 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Can Someone Tell Me What This Is?

Hi.  Got this in an email, have no idea if it is just some stupid
command line joke or if it does something I don't know about.  Attached,
.rar format Win32 .exe inside.  I have attached the source code.
Subject line, "Masturbation Tycoon". I am not a programmer at all, but
there seems to be nothing suspicious in the source code either.  Maybe I
missed something in my newbness? Ran it in a sandbox, didn't seem to do
anything odd.  AVG, AntiVir and Bitdefender all say nothing about it.  I
am paranoid however. Thanks for any input.  


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/GIT/GO d- s: a C++++$ UL++++ P++++ L++++ E++++ W++++ N+++++ o++++
K++ w
O- M- V-- PS+ PE Y++ PGP++ t+ 5-- X+++++ R* tv++ b+++++ DI++ D++++
G++ e h---- r+++ y++++
------END GEEK CODE BLOCK------
Get Your Geek Code:  http://www.geekcode.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault