Nmap Development mailing list archives

Re: VIRUS ALERT :(
From: Vincent <pros-n-cons () bak rr com>
Date: Mon, 19 Jan 2004 17:30:14 -0800

On Mon, 19 Jan 2004 16:52:07 -0800
Fyodor <fyodor () insecure org> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

From: Fyodor <fyodor () insecure org>
To: nmap-dev () insecure org
Cc: 
Bcc: 
Subject: VIRUS ALERT :(
Reply-To: 

As most of you probably noticed, the mail just posted to nmap-dev
purporting to be from me included an xlp.exe attachment.  I haven't
examined it, but you can assume it is some sort of worm or other
malicious payload.  I would never send a .exe file to the list.  It is
probably one of those annoying worms that spoof their "from" address.
I have just changed the list configuration to ban the
application/x-msdownload MIME type.

Still keep in mind that this is an unmoderated list and so be
careful.  Dozens of viruses/worms are sent to the list every day and
rejected because the sender isn't a member.  This one only got through
because it spoofed my address.  I have removed the mail from the list
archive.

In happier news, Nmap 3.50 is now available at
http://www.insecure.org/ .  I will send out an official announcement
tomorrow.  Here are the md5s:

5f670834aa53782ddb5a36c568d3aa2d  nmap-3.50-1.i386.rpm
bf57fbdac499700084593399540e96d3  nmap-3.50-1.src.rpm
b4363f445a7c502cf314ae88ab71ec6c  nmap-3.50.tar.bz2
9823bcd72f87051707e6e1c2b10d5d62  nmap-3.50.tgz
ca0ef17aafb0834c59ea1231b572ee3f  nmap-3.50-win32.zip
2c1d69453b461bcb017ca25026eaeb36  nmap-frontend-3.50-1.i386.rpm


Cheers,
Fyodor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

-----END PGP SIGNATURE-----

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org


According to my filter it is W32.Beagle.A@mm
http://www.virusbtn.com/resources/viruses/bagle.xml

If infected, delete the following registry value and reboot:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe]

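Added example, not part of the original thread or the list's actual configuration: a screening function for the kind of attachment ban described above. It assumes that, besides the application/x-msdownload type named in the post, a filter would also check the attachment file name and its leading bytes, since the From header and the declared Content-Type are both written by the sender. The function names, the extension list and the sample addresses are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

BANNED_TYPES = {"application/x-msdownload"}      # the type named in the post
BANNED_EXTS = {".exe", ".scr", ".pif", ".com"}   # assumption: extra extensions


def screen(raw: bytes) -> list:
    """Return the reasons to reject a message; an empty list means accept."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()            # declared by the sender
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if ctype in BANNED_TYPES:
            reasons.append("banned type " + ctype)
        if any(name.endswith(ext) for ext in BANNED_EXTS):
            reasons.append("banned extension " + name)
        if body[:2] == b"MZ":                      # DOS/PE executable magic
            reasons.append("PE header in " + (name or ctype))
    return reasons


def build_sample(ctype: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "member@example.org"   # unauthenticated, chosen by the sender
    m["To"] = "list@example.org"
    m["Subject"] = "hi"
    m.set_content("test =)")
    maintype, subtype = ctype.split("/")
    m.add_attachment(payload, maintype=maintype, subtype=subtype,
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    stub = b"MZ\x90\x00constructed-stub"   # not a real executable
    print(screen(build_sample("application/x-msdownload", "xlp.exe", stub)))
    print(screen(build_sample("application/octet-stream", "notes.txt", stub)))
    print(screen(build_sample("application/pdf", "paper.pdf", b"%PDF-1.4")))
```

The second sample is rejected only by the leading-bytes check, which is the case a type ban on its own does not cover.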


