Full Disclosure mailing list archives

Re: Another noxious M$ trojan

From: Oliver Heinz <h1o () arago de>
Date: Thu, 20 Nov 2003 07:27:13 +0100

Hello Gregory,

this is the virus "W32/Swen.A-mm"

Regards, Oliver Heinz
  -------------------------------------------------------------------------
 | arago,                     |  Oliver Heinz                              |
 | Institut fuer komplexes    |  Bereichsleiter Systembetrieb & Security   |
 | Datenmanagement AG         |  eMail: heinz () arago de                     |
 | Am Niddatal 3              |                                            |
 | 60488 Frankfurt am Main    |  http://www.arago.de/                      |
 | Tel: +49-69-40568-401      |  PGP-Fingerprint: a5de d4b4 46b3 4d8b 2646 |
 | Fax: +49-69-40568-111      |                   d4d0 e5fd d842 cc4e 7315 |
  -------------------------------------------------------------------------

On Wed, 19 Nov 2003, Gregory A. Gilliss wrote:

Date: Wed, 19 Nov 2003 21:23:59 -0800
From: Gregory A. Gilliss <ggilliss () netpublishing com>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Another noxious M$ trojan

For all who were interested in reviewing the suspect binaries, I have
posted them on my Web site:

http://www.gilliss.com/greg/bin/awsqyf.zip
http://www.gilliss.com/greg/bin/update1991.zip

The first is 52521 bytes and the second is 51529 bytes. Both executables,
when uncompressed, measure 106496 bytes. Each file expands to a Windows
.EXE file.

These files are suspected MALWARE and should not be executed except under
controlled circumstances. I accept no responsibility for damages.

BTW, I hope it's just another Gibe variant also...problem with running
UNIX and getting all these useless attachments >-)

G

-----Original Message-----
From: Gregory A. Gilliss [mailto:ggilliss () netpublishing com]
Sent: Wednesday, November 19, 2003 6:22 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Another noxious M$ trojan


Hello all:

Heads up - I received this in my mailbox this afternoon (Wednesday PST).

<SNIP>

--
Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Another noxious M$ trojan Gregory A. Gilliss (Nov 19)
- Re: Another noxious M$ trojan Valdis . Kletnieks (Nov 19)
- Re: Another noxious M$ trojan :-) (Nov 20)
  - Re: Another noxious M$ trojan Bart . Lansing (Nov 20)
- <Possible follow-ups>
- Re: Another noxious M$ trojan Gregory A. Gilliss (Nov 19)
  - Re: Another noxious M$ trojan Oliver Heinz (Nov 19)
  - Re: Another noxious M$ trojan Nick FitzGerald (Nov 19)
  - Message not available
    - Re: Another noxious M$ trojan Gregory A. Gilliss (Nov 19)