Re: [Full-Disclosure] media-motor.net
- To: "Brandy Simon" <brandysimon@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] media-motor.net
- From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Mon, 15 Nov 2004 13:27:59 -0800
file is a MSVB exe, here are some fun strings from the binary...
( spyware, but not a trojan )
http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
phases
sewers
outers
c:\asdf.txt
randomdll
mydll
randomocx
\regsvr32 /s
randomexe
myexe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
uinstaller
unstall.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
DisplayName
Media-motor
\unstall.exe
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
\tempf2.txt
&what=dupinstall&aff=
> anyone familiar with this group (media-motor.net/Roings.com) ? they
> seem to be sending downloader.trojan files to unsuspecting people
> using everyone.net webmail accounts.
> http://mmm.media-motor.net/soft/default.exe
> the webmail i discovered it on was from sunguru.com
> tries to download that file every time i log in or log out.?
probably using IE huh?????
fun stuff,
m.w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
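A defender's triage of the strings quoted in this message, as an added example that is not part of the original post: it groups the lines of a strings dump into rough behaviour categories and pulls out the hostnames to search for in proxy or DNS logs. The category names, patterns and function names are this example's own choices; the sample lines are copied from the message.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# A subset of the strings quoted in the message above, one per line.
SAMPLE = r"""
http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
c:\asdf.txt
\regsvr32 /s
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
unstall.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
\tempf2.txt
&what=dupinstall&aff=
"""

# (tag, pattern) pairs, hypothetical names; the first matching rule wins.
RULES = [
    ("network", re.compile(r"^https?://", re.I)),
    # Per-machine or per-user autostart key: survives reboot.
    ("persistence", re.compile(r"\\CurrentVersion\\Run$", re.I)),
    ("uninstall_entry", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    # regsvr32 /s registers a DLL/OCX without showing any dialog.
    ("silent_registration", re.compile(r"regsvr32\s+/s", re.I)),
    ("file_artifact",
     re.compile(r"^(?:[a-z]:)?\\?[\w.-]+\.(?:txt|ini|exe|dll|ocx)$", re.I)),
]

def triage(dump):
    """Group each non-empty line of a strings dump under its first matching rule."""
    out = defaultdict(list)
    for line in filter(None, (ln.strip() for ln in dump.splitlines())):
        tag = next((t for t, rx in RULES if rx.search(line)), "unclassified")
        out[tag].append(line)
    return dict(out)

def hosts(dump):
    """Unique hostnames from URL strings, for proxy or DNS log searches."""
    return sorted({urlsplit(u).hostname for u in triage(dump).get("network", [])})
```

Lines that land in `unclassified` (here the bare `&what=dupinstall&aff=` query fragment) are the ones to read by hand.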