lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030918235258.81817.qmail@web11008.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: Web counter in the new Swen/Gibe.F worm

Hey,

I believe I have a sample...I am still studying it. I
don't know if it's fine if I mail it to the list. Mail
me if you need a copy(I'm online for only about 30min
more).

Upon initial glance, I find the "internals" a bit
strange. Maybe I am wrong.

--
S.G.Masood

Hyderabad,
India.
--


--- "B.K. DeLong" <bkdelong@...ox.com> wrote:
> At 02:31 PM 9/18/2003 -0400, you wrote:
> >Hi,
> >
> >Joe Stewart of Lurhq.com has made an interesting
> discovery about the new
> >Swen/Gibe.F worm that started circulating today: 
> When the worm infects
> >a new machine, it hits a Web counter.
> >
> >The URL of the counter is:
> >
> >
>
>http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006
> >
> >If this URL wraps in your email reader, here's a
> shorter version:
> >
> >    http://tinyurl.com/nufo
> >
> >At 2:30 EST, the counter is about 615,000.
> >
> >Here's a bit more about the worm:
> >
> >    http://news.com.com/2100-7349_3-5078696.html
> >
> >The server log entries for this counter might prove
> interesting to virus
> >researchers.  These entries could provide data for
> a statistical study
> >of computer worm transmissions.  Perhaps the
> Vutbr.cz Web site would be
> >willing to go public with this information.
> 
> Is anyone storing sample virii somewhere for
> analysis? Or do we have to 
> wait for it to show?
> 
> 
> --
> B.K. DeLong
> bkdelong@...ox.com
> +1.617.797.2472
> 
> http://ocw.mit.edu                           Work.
> http://www.brain-stream.com               Play.
> http://www.the-leaky-cauldron.org        Potter.
> http://www.city-of-doors.com               Sigil
> 
> PGP Fingerprint:
> 38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ