[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: New Virus?

To: <nick@virus-l.demon.co.uk>, "Full Disclosure" <full-disclosure@lists.netsys.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Subject: Re: [Full-Disclosure] Re: New Virus?
From: "Michael Bemmerl" <security@astrobox.net>
Date: Wed, 10 Dec 2003 19:49:54 +0100

----- Original Message -----
From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
Subject: [Full-Disclosure] Re: New Virus?
>
> Finally, the URLs you supplied in full all seem to be truly dead now,
> but whatever it is could be being spread through multiple vectors and
> multiple sites, so getting samples to those who can distribute
> detection as far and fast as possible shold always be a priority with
> such things, rather than something you think about after exhasusting
> your own investigations...

the same procedure: I got today at 1:03 pm from #229996748 a msg. In her
details is a working URL with the same system, a fake 404-Error-message,
dn.php (that acts as a .hta), that generates via VBScript a q.vbs, which
downloads 3.jpg, which is an exe, etc.
This URL works: http://www.daytalker.de/pics/Julia.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: New Virus?
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>

Prev by Date: [Full-Disclosure] Cisco Security Advisory: Unity Vulnerabilities on IBM-based Servers
Next by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Previous by thread: [Full-Disclosure] Re: New Virus?
Next by thread: [Full-Disclosure] [OMG] NSRG Security & Lorenzo Hernandez "SuckYouBeans" Garcia-Hierro
Index(es):
- Date
- Thread