lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: ge at (Gadi Evron)
Subject: mimail trojan horses [WAS: Re: Fwd: YOUR PAYPAL.COM

> Actually the answer just came right now:
> W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder. 
> In order to run itself automatically when Windows starts up the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry: 

mimial has been making rounds for a while now. I doubt it's the last 
variant we'll see.
The author sure is consistent though.
       Gadi Evron,

The Trojan Horses Research mailing list -

My resume (Hebrew) -

PGP key for -
Note: this key is used mainly for files and attachments, I sign email 
messages using:

Powered by blists - more mailing lists