Full Disclosure mailing list archives

Re: patch-9449


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 13 Apr 2007 12:14:35 +0300 (EEST)

Wong Chee Chun <cheechun2005 () gmail com> wrote: 

Dshield (ISC) page discusses about the same issue.
The filenames are randomized. 4 or 5 numbers always.

- Juha-Matti 


Dshied's recent diary entry might has something related about this virus i
guess. except that the filename is patch-58214.zip.

Here is the link to the diary -->

http://www.dshield.org/diary.html?storyid=2618&dshield=0fcfb711fed834995b1d52da5f438c11


cheers


On 4/13/07, Steward Smith <fulldisc () swill org> wrote:

Hi,

Had a funny spam today that warned about mails coming from my IP address
and I should apply the attached patch. The filename was named
patch-9449.exe which was attached in a password protected zip file -
presumably to fool your virus scanner.

I unpacked it but my up-to-date virus scanner on my Windows XP vmware
instance cannot detect any malware.

Has anyone else seen this and know what it is?

Stew

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Current thread: