lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OFB81E4662.7E673394-ONC1256D94.0050EAF6@juliusbaer.com>
From: roman.kunz at juliusbaer.com (roman.kunz@...iusbaer.com)
Subject: Virus, whether the scanners say so or not?

hi scott,

MCAfee does but it says it's the "W32/Sdbot.worm.gen"

cheers
roman

----------------------------------------------
"Scott Phelps / Dreamwright Studios" <scottp@...amwright.com> said:

I just got this from a co-workers computer. I've run it against 4 virus
scanners I have around (after running each one's definition update) and
nothing recognized it.

It really looks like W32.HLLW.Moega
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html

But Symantec says it should catch it, which it doesn't. It looks like the
thing has been on his machine for about a month, and he's on an open cable
connection (Symantec mentions a trojan in moega) so I would like to know
what the payload is. It's a larger file than what Symantec has listed for
moega also.

Anybody seen it, or have a scanner that recognizes it?


D  R  E  A  M  W  R  I  G  H  T    S  T  U  D  I  O  S 
Dreamwright.com  - Web Design, Graphic Design, & Custom Software 
Programming
704-548-8653 office/fax  1-866-47-MY-WEB
PO Box 480188   Charlotte, NC 28269
 

*****Disclaimer*****
This message is for the addressee only and may contain confidential or 
privileged information. You must delete and not use it if you are not the 
intended recipient. It may not be secure or error-free. All e-mail 
communications to and from the Julius Baer Group may be monitored. 
Processing of incoming e-mails cannot be guaranteed. Any views expressed 
in this message are those of the individual sender. This message is for 
information purposes only. All liability of the Julius Baer Group and its 
entities for any damages resulting from e-mail use is excluded. US persons 
are kindly requested to read the important legal information presented 
after clicking here: http://www.juliusbaer.com/maildisclaimer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030901/3f4fc8d7/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ