RE: [Full-Disclosure] Possible New Malware....

["Aditya , ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>]

Blankdo you know that www.slimeware.com is a paranody site with no real 
coproation behind it, the fellow who wrote this program has a real good sence 
of humor 




    -----Original Message-----
  From: Swearingen, Bill W [CC] [mailto:bill.p.swearingen@xxxxxxxxxxxxxxx]
  Sent: Tuesday, August 24, 2004 01:01 AM
  To: ald2003@xxxxxxxxxxxxxxxxxxxxx; full-disclosure-admin@xxxxxxxxxxxxxxxx
  Subject: RE: [Full-Disclosure] Possible New Malware....
  Sensitivity: Confidential


  Taking a look at RunDLL32e.txt shows the name "slimeware corp"

  Doing a google search I found http:// www. slimeware. com/downloads.htm

  In their License Agreement they state this:

  *  This is a legally binding agreement between yourself "you" and Slimeware 
Corporation "Slimeware".

  < OTHER DETAILS SNIPPED> 





------------------------------------------------------------------------------
  From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Aditya , ALD [ 
Aditya Lalit Deshmukh ]
  Sent: Monday, August 23, 2004 10:04 AM
  To: Full-Disclosure@Lists. Netsys. Com
  Subject: [Full-Disclosure] Possible New Malware....
  Importance: High
  Sensitivity: Confidential


  Hi List, Possible new malware makes startup entries and copies itself to the 
windows folder this is where it was found, creates a CurruntPowerProfile reg 
startup key with a value of Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe 
cant find anything else that it is doing except that it is written in VB anyone 
willing to have a look at it ? the files are attached as they are just ~ 40 KB  
-aditya ( simply ren *.txt to *.exe )