[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] patch-9449

To: Steward Smith <fulldisc@xxxxxxxxx>, Wong Chee Chun <cheechun2005@xxxxxxxxx>
Subject: Re: [Full-disclosure] patch-9449
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Fri, 13 Apr 2007 12:14:35 +0300 (EEST)

Wong Chee Chun <cheechun2005@xxxxxxxxx> wrote: 

Dshield (ISC) page discusses about the same issue.
The filenames are randomized. 4 or 5 numbers always.

- Juha-Matti 

> Dshied's recent diary entry might has something related about this virus i
> guess. except that the filename is patch-58214.zip.
>
>Here is the link to the diary -->
>
>http://www.dshield.org/diary.html?storyid=2618&dshield=0fcfb711fed834995b1d52da5f438c11
>
>
>cheers
>

On 4/13/07, Steward Smith <fulldisc@xxxxxxxxx> wrote:

Hi,

Had a funny spam today that warned about mails coming from my IP address
and I should apply the attached patch. The filename was named
patch-9449.exe which was attached in a password protected zip file -
presumably to fool your virus scanner.

I unpacked it but my up-to-date virus scanner on my Windows XP vmware
instance cannot detect any malware.

Has anyone else seen this and know what it is?

Stew

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] patch-9449
Next by Date: [Full-disclosure] [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed
Previous by thread: Re: [Full-disclosure] patch-9449
Next by thread: [Full-disclosure] Ettercap-NG 0.7.3 Remote DoS
Index(es):
- Date
- Thread