RE: [Full-Disclosure] (no subject)
- To: "Jonathan Grotegut" <jgrotegut@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] (no subject)
- From: Bart.Lansing@xxxxxxxxx
- Date: Mon, 9 Aug 2004 14:47:32 -0500
Discovery Date : 8/10/2004 (PHL)
Origin : USA
Description ( updated : 8/9/2004 11:03:26 AM )
There are reports now in the USA of a malware spreading via email. The
file, price.exe, is spread as a ZIP file, and is included in a supposedly
manually-spammed email.
This price.exe file is a downloader and attempts to download a file named
2.jpg from different sites. The sites are currently inaccessible at the
time of this writing.
Infected customers also report a file named as windll.exe running in the
system.
TrendLabs is still currently analyzing the files and will soon post a more
detailed analysis.
--------------------------------------------------------------------------------
EPS Deliverables
Pattern
OPR 953 for WORM_BAGLE.AC
- Pattern under QA Testing 8/9/2004 11:23:44 AM
Thank you,
Fooks, Lynn
Bart Lansing
Manager, Desktop Services
Kohl's IT
262-703-2911
full-disclosure-admin@xxxxxxxxxxxxxxxx wrote on 08/09/2004 02:03:54 PM:
> (In regards to new_price.zip file attachment)
>
> Anyone have any idea what this is, we had some clients just get hit pretty
> hard with this email. I am unable to find anything on it, from my VERY
> Limited knowledge it appears to be a virus exploiting one of the many
> holes in IE. Anyone else see anything on this yet?
>
> Jonathan Grotegut
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html