[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Virus / Trojan

Some info for you:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100945

На чт, 2004-01-15 в 10:12, PhilZ записа:

> It was detected by TrendMicro VirusWall ;-)
> 
> Regards
> 
> 
> 
> ----- Original Message ----- 
> From: "Otero, Hernan (EDS)" <HOtero@lanchile.cl>
> To: <full-disclosure@lists.netsys.com>
> Sent: Friday, January 09, 2004 8:47 PM
> Subject: [Full-Disclosure] Virus / Trojan
> 
> 
> Today found this suspicious file attached to an email, obviously is a virus
> (our AV dont detect it :-( ). The virus/trojan is very simple, the
> developer only put effort in obfuscate the strings inside the binary.
> 
> The executable file try to connect to gamemaniacs.org and download a file.
> This file will be located in the system directory
> 
> The url used in the GET is:
> 
> gamemaniacs.org /download/get.php?dist=2
>  
> This will download the binary saved as msvchost.exe
> 
> any one know what virus/trojan is this?
> 
> 
> 
> -H
> 
> 
>  <<VIRUS1_DETECTED_AND_REMOVED_winxp_sp1_VIRINFO.TXT>> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
perl -e '$D="-";$N="\n";print $D x30,$N,(join $N,@INC),$N,$D x30,$N;'
--------------------- or point your browser at http://www.vulcho.com/