Re: [Full-Disclosure] spamming trojan?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] spamming trojan?
- From: Joe Stewart <jstewart@xxxxxxxxx>
- Date: Wed, 16 Jun 2004 08:44:43 -0400

On Wed, 16 Jun 2004 08:23:59, geoincidents@xxxxxxx wrote:
> Anyone want to try and analyze what this thing is? It was spammed to
> about 30 addresses here this morning.

The end stage appears to be a new variant of the Cjdra proxy trojan.
This person has been spreading trojans via spammed-exploit for a while
now, and now it looks as if he/she has upgraded to the latest IE
exploit.

http://vil.nai.com/vil/content/v_100939.htm describes an older variant.

-Joe

--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html