Message-ID: <3FB52920.1000303@linuxbox.org>
From: ge at linuxbox.org (Gadi Evron)
Subject: mimail trojan horses [WAS: Re: Fwd: YOUR PAYPAL.COM
 ACCOUNT EXPIRES]

> Actually the answer just came right now:
> http://www.sophos.com/virusinfo/analyses/w32mimaili.html
> 
> W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder. 
> In order to run itself automatically when Windows starts up the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry: 

Mimail has been making rounds for a while now. I doubt it's the last 
variant we'll see.
The author sure is consistent though.
-- 
       Gadi Evron,
       ge@...uxbox.org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf

PGP key for ge@...uxbox.org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email 
messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc
