| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.33.0408130946060.1207-100000@webchat.chatsystems.com> Date: Fri, 13 Aug 2004 09:50:37 -0500 (CDT) From: "T.H. Haymore" <bonk@...chat.chatsystems.com> To: Nicolas Gregoire <ngregoire@...probe.com> Cc: <bugtraq@...urityfocus.com>, <Mark.Amos@...nscorning.com> Subject: Re: JS/Zerolin On Fri, 13 Aug 2004, Nicolas Gregoire wrote: Nicholas, Thanks for the insight. I've received several replies telling me to look at McAfee (yadda-yadda) and other sites. I am well aware of the Zerolin VBS script as I researched it before posting. You've provided what insight I was looking for on the java script side. Mark, I think this is what we're looking for. Also, keep us updated as to what else you see as this could very well be a new version and they are indeed 'testing'. Thanks again, -th <snip> > Hi, > > I've seen theses emails since last Friday, and my gateway has since > received around 200 of them. KAV and ClamAV detect them as > "TrojanDropper.VBS.Zerolin" > > It appears that a small Jscript.Encoded code is hidden at the botton of > a false (true ?) spam. After several redirections, un ss.exe file is > downloaded. This file is detected as following : > > KAV : Trojan.Win32.Genme.c > Trend : not detected > ClamAV : Trojan.Xebiz.A > F-Prot : W32/Xebiz.A > NAI : not detected > > Regards, > -- > Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ================================================= Travis www.cyberabuse.org/crimewatch Email: Bonk@...tsystems.com | Bonk@...erabuse.org ================================================= /"\ \ / X ASCII Ribbon Campaign / \ Against HTML Email
Powered by blists - more mailing lists