RE: [Full-Disclosure] Virus / Trojan
- To: "Otero, Hernan (EDS)" <HOtero@lanchile.cl>, <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Virus / Trojan
- From: "John LaCour" <jlacour@zonelabs.com>
- Date: Fri, 9 Jan 2004 11:59:31 -0800
It's the Xombe Trojan/Downloader.
> -----Original Message-----
> From: Otero, Hernan (EDS) [mailto:HOtero@lanchile.cl]
> Sent: Friday, January 09, 2004 11:48 AM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Virus / Trojan
>
>
> Today I found this suspicious file attached to an email;
> obviously it is a virus (our AV doesn't detect it :-( ). The
> virus/trojan is very simple; the developer only put effort into
> obfuscating the strings inside the binary.
>
> The executable file tries to connect to gamemaniacs.org and
> download a file. This file will be located in the system directory.
>
> The url used in the GET is:
>
> gamemaniacs.org /download/get.php?dist=2
>
> This will download the binary saved as msvchost.exe
>
> Does anyone know what virus/trojan this is?
>
>
>
> -H
>
>
> <<VIRUS1_DETECTED_AND_REMOVED_winxp_sp1_VIRINFO.TXT>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
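
The indicators reported in this thread (the gamemaniacs.org download request and the msvchost.exe file in the system directory) can be checked against proxy logs and a file listing. The sketch below is an added example, not part of the original posts; the log layout, sample lines, function names and the system32/system folder names are assumptions, and it matches the request path with any query string rather than only dist=2.

```python
import ntpath
from urllib.parse import urlsplit

# Indicators taken from the post above.
DOWNLOAD_HOST = "gamemaniacs.org"
DOWNLOAD_PATH = "/download/get.php"
DROPPED_NAME = "msvchost.exe"
# Assumption: "the system directory" is a folder named system32 or system.
SYSTEM_DIRS = ("system32", "system")

def is_downloader_request(url):
    """True if url targets the download endpoint named in the post."""
    if "://" not in url:  # some logs omit the scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact host or a subdomain; "gamemaniacs.org.example.net" must not match.
    host_ok = host == DOWNLOAD_HOST or host.endswith("." + DOWNLOAD_HOST)
    return host_ok and parts.path.lower() == DOWNLOAD_PATH

def is_dropped_file(path):
    """True if path is msvchost.exe directly inside a system directory."""
    directory, name = ntpath.split(path.strip())
    parent = ntpath.basename(directory).lower()
    return name.lower() == DROPPED_NAME and parent in SYSTEM_DIRS

def scan(proxy_lines, file_paths):
    """Return (matching (client, url) pairs, matching file paths)."""
    net = []
    for line in proxy_lines:
        fields = line.split()  # constructed layout: time client method url status
        if (len(fields) >= 4 and fields[2].upper() == "GET"
                and is_downloader_request(fields[3])):
            net.append((fields[1], fields[3]))
    return net, [p for p in file_paths if is_dropped_file(p)]

# Constructed sample data, not from the original post.
SAMPLE_PROXY = [
    "2004-01-09T11:40:02 10.0.0.21 GET http://gamemaniacs.org/download/get.php?dist=2 200",
    "2004-01-09T11:41:10 10.0.0.35 GET http://GameManiacs.org:80/download/get.php?dist=2 200",
    "2004-01-09T11:42:55 10.0.0.40 GET http://gamemaniacs.org.example.net/download/get.php 200",
]
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\msvchost.exe",
    r"C:\Temp\msvchost.exe",
]
if __name__ == "__main__":
    print(scan(SAMPLE_PROXY, SAMPLE_FILES))
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts such as the third sample line out of the results.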