[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Virus / Trojan

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Virus / Trojan
From: "Otero, Hernan (EDS)" <HOtero@lanchile.cl>
Date: Fri, 9 Jan 2004 15:47:43 -0400

Today found this suspicious file attached to an email, obviously is a virus
(our AV don´t detect it :-( ). The virus/trojan is very simple, the
developer only put effort in obfuscate the strings inside the binary.

The executable file try to connect to gamemaniacs.org and download a file.
This file will be located in the system directory

The url used in the GET is:

gamemaniacs.org /download/get.php?dist=2
 
This will download the binary saved as msvchost.exe

any one know what virus/trojan is this?



-H


 <<VIRUS1_DETECTED_AND_REMOVED_winxp_sp1_VIRINFO.TXT>>

01/09/2004 03:47 PM The original attachment contains a virus or meets the 
File-Blocking rules. ScanMail took action: winxp_sp1.zip/Moved, please see your 
Exchange Server administrator for details!

Follow-Ups:
- Re: [Full-Disclosure] Virus / Trojan
  - From: William Warren <hescomingsoon@verizon.net>
- Re: [Full-Disclosure] Virus / Trojan
  - From: Axel Pettinger <api@epost.de>
- Re: [Full-Disclosure] Virus / Trojan
  - From: "Exibar" <exibar@thelair.com>
- Re: [Full-Disclosure] Virus / Trojan
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>

Prev by Date: RE: [Full-Disclosure] gcc: Internal compiler error: program cc1 g ot fatal signal 11
Next by Date: Re: [Full-Disclosure] 45% of the free files collected via KaZaA contained malware
Previous by thread: Re: [Full-Disclosure] gcc: Internal compiler error: program cc1 g ot fatal signal 11
Next by thread: Re: [Full-Disclosure] Virus / Trojan
Index(es):
- Date
- Thread