Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!
- To: full-disclosure@xxxxxxxxxxxxxxxx, full-disclosure-admin@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!
- From: Martin Wasson <marto@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 11 Jun 2004 06:40:22 -0700 (PDT)
Billy,
As FD's foremost expert on virii, can you answer a question for me? Is
it possible that this is one of Polly Morfick's viruses? They can change
ports, right? After seeing your discovery, I too found a computer at home
trying to infect the Internet with the 443 virus. Though I too have now shut
down port 443 outbound on my border Tiny Personal FW at home, my Windows ME
workstation is STILL launching attacks against the Internet on ports 53, 80,
and 25. I discovered that my wife's computer has the virus too, and has been
trying to infect port 80 on a machine called
www.married-women-looking-for-action.com. The funny thing is, I think it's on
a timer, because it doesn't even start attacking until after I go to bed.
Weird!!! Another thing is, the virus also seems to be asking a computer (whose
name is apparently "arp") for some kind of encrypted data. I think the virus's
encrypted name might be either 00-0D-35-B4-56-01 or 172.16.10.10, because it's
asking this "arp" whohas 00-0D-56-75-B4-46, and to tell 172.16.10.10 if it
finds it. NOT good!! I tried to research it, but only came up with stuff about
Apple Computer
addresses and something called Hexadecimals. As you can imagine, I don't even
HAVE any MACs, just PCs, and 00-0D-35-B4-56-01 looks more like HexaDASHES than
Hexadecimals. What gives?
SMARTACVS
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html