Open Source and information security mailing list archives
 
Message-ID: <025101c7238d$a87158f0$f9540ad0$@com>
Date: Tue, 19 Dec 2006 23:49:29 +0700
From: "Christopher Mosby" <m@...v.com>
To: <bugtraq@...urityfocus.com>
Subject: New Skype Worm

Websense Security Labs has had reports of a new worm that uses Skype to
propagate. We are still investigating the issue but here are the details so
far:

* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing
Trojan Horse
* the file also appears to run another set of code that uses Skype to
propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite
packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)

More: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=716 


