lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1092386306.752.36.camel@bobby.exaprobe.com>
Date: Fri, 13 Aug 2004 10:38:26 +0200
From: Nicolas Gregoire <ngregoire@...probe.com>
To: "T.H. Haymore" <bonk@...chat.chatsystems.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: JS/Zerolin


Le jeu 12/08/2004 à 17:37, T.H. Haymore a écrit :

> There are incoming reports of a JS/Zerolin (java script virus).  Anyone
> else seeing this ?  (I have no further information yet).

Hi,

I've seen theses emails since last Friday, and my gateway has since
received around 200 of them. KAV and ClamAV detect them as 
"TrojanDropper.VBS.Zerolin"

It appears that a small Jscript.Encoded code is hidden at the botton of
a false (true ?) spam. After several redirections, un ss.exe file is
downloaded. This file is detected as following :

KAV : Trojan.Win32.Genme.c
Trend : not detected
ClamAV : Trojan.Xebiz.A
F-Prot : W32/Xebiz.A
NAI : not detected

>From the Symantec website :

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xebiz.html
A large scale spamming of messages contained a link to a Web page
hosting the backdoor. Following the link downloads the file Links.HTA,
which in turn downloads and executes the Trojan as ss.exe


Regards,
-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@...probe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ