Full Disclosure mailing list archives
Re: patch-9449
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 13 Apr 2007 12:14:35 +0300 (EEST)
Wong Chee Chun <cheechun2005 () gmail com> wrote: Dshield (ISC) page discusses about the same issue. The filenames are randomized. 4 or 5 numbers always. - Juha-Matti
Dshied's recent diary entry might has something related about this virus i guess. except that the filename is patch-58214.zip. Here is the link to the diary --> http://www.dshield.org/diary.html?storyid=2618&dshield=0fcfb711fed834995b1d52da5f438c11 cheers
On 4/13/07, Steward Smith <fulldisc () swill org> wrote: Hi, Had a funny spam today that warned about mails coming from my IP address and I should apply the attached patch. The filename was named patch-9449.exe which was attached in a password protected zip file - presumably to fool your virus scanner. I unpacked it but my up-to-date virus scanner on my Windows XP vmware instance cannot detect any malware. Has anyone else seen this and know what it is? Stew _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- patch-9449 Steward Smith (Apr 12)
- Re: patch-9449 Matti Ranta (Apr 12)
- Re: patch-9449 mis (Apr 12)
- Re: patch-9449 Wong Chee Chun (Apr 13)
- Re: patch-9449 Mike Shafer (Apr 13)
- <Possible follow-ups>
- Re: patch-9449 Juha-Matti Laurio (Apr 13)
- Re: patch-9449 Matti Ranta (Apr 12)
