Full Disclosure: Re: patch-9449

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: patch-9449

From: Mike Shafer <news-letter-subs () its-secured com>
Date: Fri, 13 Apr 2007 12:59:05 -0400

Myself and a client have received several over the past 24hrs.

I submitted one as the password protected zip file to VirusTotal and 
Kaspersky identified it as a virus/trojan as did several other AV 
products. Names varied so I didn't record them. Was most interested in 
seeing if there was a consistent identification of the archive.

Received another this morning which I unzipped on a Linux box  then 
tested with CA AV. It was identified as Win32/Pecoan.R

- Mike Shafer

Steward Smith wrote:

Hi,

Had a funny spam today that warned about mails coming from my IP address
and I should apply the attached patch. The filename was named
patch-9449.exe which was attached in a password protected zip file -
presumably to fool your virus scanner.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

patch-9449 Steward Smith (Apr 12)
- Re: patch-9449 Matti Ranta (Apr 12)
  - Re: patch-9449 mis (Apr 12)
- Re: patch-9449 Wong Chee Chun (Apr 13)
- Re: patch-9449 Mike Shafer (Apr 13)
- <Possible follow-ups>
- Re: patch-9449 Juha-Matti Laurio (Apr 13)