| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mike at erdelynet.com (Michael Erdely) Subject: (no subject) ClamAV calls it Trojan.JS.Runme. My update for it came at 3 PM EDT today. From ClamAV Update list: Submission: 5025-web, 5026-web, 5027-web, 5028-web, 5029-web, 5030-web, 5043-web, 5044-web, 5045-web, 5046-web, 5047-web, 5048-web Sender: James Stevens, Bill Landry, Henning Spjelkavik, Melanie Dussiaume, Roman Scheucher, Gunter Mintzel, Mike Watterson, Martin, Rob Kudyba, wojciech myszka, Philip Corliss, Kevin Way Virus: unknown, JS/IllWill (McAfee), JS.Dword.dropper (Bitdefender), JScript/IE.VM.Exploit (Inoculate) Alias: TR/RunMe.Dldr.1 (Hbedv) Added: Trojan.JS.RunMe Added: Trojan.RunMe Note: The name may change. Note: There are more submissions with this; at the moment I'm publishing just some of them. -Mike Jonathan Grotegut wrote: > (In regards to new_price.zip file attachment) > > Anyone have any idea what this is, we had some clients just get pretty > hard with this email. I am unable to find anything on it, from my VERY > Limited knowledge it appears to be a virus exploiting one of the many > holes in IE. Anyone else see anything on this yet? > > Jonathan Grotegut > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists