[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSF.4.58.0401290056100.39640@erfrnepu.fhfcvpvbhf.bet>
Date: Thu, 29 Jan 2004 01:23:48 -0500 (EST)
From: Atom 'Smasher' <atom@...picious.org>
To: bugtraq@...urityfocus.com
Subject: new WIN virus?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
i don't know much at all about windows, but this spam got past my spam
filter and drew my attention. i tested the suspect file in some on-line
virus checkers, and they all reported the file as not being a threat.
looking at the page that the spam requested (hidden after "@" in the link)
i can only think that the file is up to no-good.
the original spam, the page that it requests, and the suspicious "exe"
file:
http://smasher.suspicious.org/tmp/live-virus.tgz
live-virus.tgz
md5: 42e6edfe1dcbb3e83f3da997014c7858
sha1: 372ef9ce498b3cd23cd7c0c2b404a18f7d1b7771
the TGZ contains:
- -rw-r--r-- atom/atom 1606 Jan 29 00:34 2004 spam
- -rw-r--r-- atom/atom 1941 Jan 29 00:31 2004 gift-with-headers.html
- -rw-r--r-- atom/atom 8704 Jan 28 22:41 2004 updatte.exe
updatte.exe was tested on:
yahoo-mail
http://www.kaspersky.com/remoteviruschk.html
http://www.dials.ru/english/www_av/
http://www.rav.ro/scan/indexn.php
and they all reported that the file poses no threat. i suspect they're
wrong.
...atom
_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
fascism: n. A system of government that exercises a dictatorship
of the extreme right, typically through the merging of state and
business leadership, together with belligerent nationalism.
-- The American Heritage Dictionary, 1983
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAGKb8nCgLvz19QeMRAuKmAJ9vycEHwtOBNNQ5OkyInneQdb0IqQCff7U2
DdPmn6tznmWijT7S8OMWj6M=
=EscX
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists