[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] patch-9449

To: Steward Smith <fulldisc@xxxxxxxxx>
Subject: Re: [Full-disclosure] patch-9449
From: Mike Shafer <news-letter-subs@xxxxxxxxxxxxxxx>
Date: Fri, 13 Apr 2007 12:59:05 -0400

Myself and a client have received several over the past 24hrs.

I submitted one as the password protected zip file to VirusTotal and 
Kaspersky identified it as a virus/trojan as did several other AV 
products. Names varied so I didn't record them. Was most interested in 
seeing if there was a consistent identification of the archive.

Received another this morning which I unzipped on a Linux box  then 
tested with CA AV. It was identified as Win32/Pecoan.R

- Mike Shafer

Steward Smith wrote:
> Hi,
>
> Had a funny spam today that warned about mails coming from my IP address
> and I should apply the attached patch. The filename was named
> patch-9449.exe which was attached in a password protected zip file -
> presumably to fool your virus scanner.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] patch-9449
  - From: Steward Smith

Prev by Date: Re: [Full-disclosure] A Botted Fortune 500 a Day
Next by Date: [Full-disclosure] TSRT-07-04: LANDesk Management Suite Alert Service Stack Overflow Vulnerability
Previous by thread: Re: [Full-disclosure] patch-9449
Next by thread: Re: [Full-disclosure] patch-9449
Index(es):
- Date
- Thread