Message-ID: <PEECKACPJJIKFEBCDKPFGEHMCEAA.mjcarter@ihug.co.nz>
From: mjcarter at ihug.co.nz (Mike)
Subject: Potentially new Virus

Hi Anthony,

I have tried that and it now works when searching in Sophos with this "Hello
my dear Mary" but it didn't yesterday; I know that just means they didn't
have a name or didn't have detection for it when I did the search.

And I did notice that searching Symantec with "Hello my dear Mary" today now
returns a good result: Backdoor.Sysbug which is AKA BackDoor-CAG,
Troj/Sysbug-A  . Using that search at NAI returns nothing and using it at
Trend returns 500 results?? I don't have time to go through all that.

My wish is to be able to search by characteristics using criteria like msg
body, subject, ports used, reg changes, dropped files, whatever else you can
think of... etc etc etc without having to wade through pages of crap.

I guess what I'm asking for is a database of virus characteristics that
would probably need to be independent of av vendors because, after all, they
are in the business to make money.

I'm probably asking too much.

Regards

Mike
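An added example, not part of Mike's post or any vendor's tool, of the characteristic-keyed lookup he describes: a tiny database indexed by body phrase, attachment and dropped file, built from a constructed entry that uses only the names and strings quoted in this thread. The field names, the `search`/`triage` helpers and the double-extension pattern are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample database: the only names and strings used are the ones
# quoted in the thread (Sysbug aliases, the message body, the attachment).
@dataclass
class Sample:
    name: str
    aliases: list
    body_phrases: list
    attachments: list
    dropped_files: list

DB = [
    Sample(name="Backdoor.Sysbug",
           aliases=["BackDoor-CAG", "Troj/Sysbug-A"],
           body_phrases=["Hello my dear Mary", "look in the attachment"],
           attachments=["Private.zip"],
           dropped_files=["wendynaked.jpg.exe"]),
]

def search(db, **criteria):
    """Samples matching every criterion (case-insensitive substring per field)."""
    hits = []
    for s in db:
        for field_name, needle in criteria.items():
            value = getattr(s, field_name)
            hay = " ".join(value) if isinstance(value, list) else value
            if needle.lower() not in hay.lower():
                break
        else:  # no criterion failed
            hits.append(s)
    return hits

# Double-extension disguise (image-looking name, executable extension), as in the thread.
DOUBLE_EXT = re.compile(r"\.(jpe?g|gif|png|txt|doc|pdf)\.(exe|scr|pif|com|bat)$", re.I)

def suspicious_attachment(filename):
    """True for names like wendynaked.jpg.exe, whether or not the DB knows them."""
    return bool(DOUBLE_EXT.search(filename))

def triage(body, attachment_names, db=DB):
    """Return (all known names for samples whose body phrases match, flagged attachments)."""
    known = [n for s in db if any(p.lower() in body.lower() for p in s.body_phrases)
             for n in [s.name, *s.aliases]]
    flagged = [a for a in attachment_names if suspicious_attachment(a)]
    return known, flagged
```

Because `search` takes any field as a keyword, the same call works for ports, registry keys or other characteristics once such fields are added to `Sample`.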
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Anthony
Aykut
Sent: Tuesday, November 25, 2003 9:19 PM
To: Mike; Tireman; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Potentially new Virus


Try Sophos - www.sophos.com

http://www.sophos.com/virusinfo/analyses/trojsysbuga.html

Thanks,
Anthony Aykut
Frame4 Security Systems
Your Partner in IT Security
http://www.frame4.com/
Tel/Fax : +31(0)172-515901
Mobile  : +31(0)651-491507

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Mike
Sent: Tuesday, November 25, 2003 08:15
To: Tireman; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Potentially new Virus


Hi Andrew,
The message body does ring a bell, but I don't remember what the virus is. I
searched many different anti-virus vendor sites and googled.
Which brings me to this question: why is it so damn hard for us to search
for info on viruses by subject, msg body, or/and symptoms???
It gets really frustrating when you recognize certain characteristics of a
virus but can't search for them!!

Is there a service I'm unaware of?

Thanks

Mike

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Tireman
Sent: Tuesday, November 25, 2003 6:57 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Potentially new Virus


Has anyone come across a virus with the following message body and an
attached file called 'Private.zip' which unzips to wendynaked.jpg.exe?

I couldn't find any info on Symantec's security response site or Google
either.

Message Body:

----- Start ---
Hello my dear Mary,

I have been thinking about you all night. I would like to apologize for
the other night when we made beautiful love and did not use condoms. I
know this was a mistake and I beg you to forgive me.

I miss you more than anything, please call me Mary, I need you. Do you
remember when we were having wild sex in my house? I remember it all
like it was only yesterday. You said that the pictures would not come
out good, but you were very wrong, they are great. I didn't want to show
you the pictures at first, but now I think it's time for you to see
them. Please look in the attachment and you will see what I mean.

I love you with all my heart, James.

Andrew

----- End ----
--
(6)  It is easier to move a problem around (for example, by moving
         the problem to a different part of the overall network
         architecture) than it is to solve it.

         (6a) (corollary). It is always possible to add another level of
              indirection.

     -- RFC 1925

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
