[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Online Script Decoder

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: Online Script Decoder
From: Feher Tamas <etomcat@xxxxxxxxxxx>
Date: Mon, 13 Dec 2004 11:14:18 +0100 (CET)

Hello,

>Is anyone able to decode this malware/exploit script-encoded :
>http://www.antiblock.biz/user256/2DimensionOfExploitsEnc.php

It's a trojan-dropper called VBS.Zerolin and it tries to
download an executable file also belonging to the
trojan-downloader family. It is called malware Win32.Zdesnado.Y

What that exe file tries to download, I don't know.

The place in the above URL should be CERTed down for sure.

Sincerely: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Re: Online Script Decoder
  - From: Willem Koenings

Prev by Date: Re: [Full-Disclosure] GPRS/IP-session from Nokia/Symbian mobile phone stays up
Next by Date: [Full-Disclosure] Multiple XSS Vulnerabilities in several UBB.Thread Versions
Previous by thread: [Full-Disclosure] Re: Online Script Decoder
Next by thread: Re: [Full-Disclosure] Re: Online Script Decoder
Index(es):
- Date
- Thread