[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Encrypted document

To: "Alerta Redsegura" <alerta@xxxxxxxxxxxxx>, "Full-Disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Encrypted document
From: Mike Tancsa <mike@xxxxxxxxxx>
Date: Thu, 01 Apr 2004 00:10:05 -0500

I think this is bagle.n no ? Both NAI and f-prot see it as that.

---Mike

At 10:22 PM 31/03/2004, Alerta Redsegura wrote:

Interesting one.
Kaspersky antivirus says it is "bvblpiewo.exe Suspicion: PSW-Worm".
Supposing the message was automatically generated and not manually crafted, the bmp-contained password is an interesting feature.
Iñigo Koch
redsegura.com
De: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]En nombre de ge@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Enviado el: miércoles 31 de marzo de 2004 22:18 Para: full-disclosure@xxxxxxxxxxxxxxxx Asunto: [Full-Disclosure] Encrypted document Please, have a look at the attached file.
In order to read the attach you have to use the following password:
6921caf.bmp

Attachment: 6921caf.bmp
Description: Binary data

References:
- RE: [Full-Disclosure] Encrypted document
  - From: Alerta Redsegura

Prev by Date: Re: [Full-Disclosure] Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Next by Date: Re: [Full-Disclosure] Encrypted document
Previous by thread: RE: [Full-Disclosure] Encrypted document
Next by thread: Re: [Full-Disclosure] Encrypted document
Index(es):
- Date
- Thread