Message-ID: <PEECKACPJJIKFEBCDKPFGEHMCEAA.mjcarter@ihug.co.nz>
From: mjcarter at ihug.co.nz (Mike)
Subject: Potentially new Virus
Hi Anthony,
I have tried that and it now works when searching in Sophos with "Hello
my dear Mary", but it didn't yesterday; I know that just means they didn't
have a name or didn't have detection for it when I did the search.
And I did notice that searching Symantec with "Hello my dear Mary" today now
returns a good result: Backdoor.Sysbug, which is AKA BackDoor-CAG,
Troj/Sysbug-A. Using that search at NAI returns nothing and using it at
Trend returns 500 results?? I don't have time to go through all that.
My wish is to be able to search by characteristics using criteria like msg
body, subject, ports used, reg changes, dropped files, whatever else you can
think of... etc etc etc without having to wade through pages of crap.
I guess what I'm asking for is a database of virus characteristics that
would probably need to be independent of av vendors because, after all, they
are in the business to make money.
I'm probably asking too much.
Regards
Mike
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Anthony
Aykut
Sent: Tuesday, November 25, 2003 9:19 PM
To: Mike; Tireman; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Potentially new Virus
Try Sophos - www.sophos.com
http://www.sophos.com/virusinfo/analyses/trojsysbuga.html
Thanks,
Anthony Aykut
Frame4 Security Systems
Your Partner in IT Security
http://www.frame4.com/
Tel/Fax : +31(0)172-515901
Mobile : +31(0)651-491507
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Mike
Sent: Tuesday, November 25, 2003 08:15
To: Tireman; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Potentially new Virus
Hi Andrew,
The message body does ring a bell, but I don't remember what the virus is. I
searched many different anti-virus vendor sites and googled.
Which brings me to this question: why is it so damn hard for us to search
for info on viruses by subject, msg body, or/and symptoms???
It gets really frustrating when you recognize certain characteristics of a
virus but can't search for them!!
Is there a service I'm unaware of?
Thanks
Mike
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Tireman
Sent: Tuesday, November 25, 2003 6:57 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Potentially new Virus
Has anyone come across a virus with the following message body and an
attached file called 'Private.zip' which unzips to wendynaked.jpg.exe?
I couldn't find any info on Symantec's security response site or Google
either.
Message Body:
----- Start ---
Hello my dear Mary,
I have been thinking about you all night. I would like to apologize for
the other night when we made beautiful love and did not use condoms. I
know this was a mistake and I beg you to forgive me.
I miss you more than anything, please call me Mary, I need you. Do you
remember when we were having wild sex in my house? I remember it all
like it was only yesterday. You said that the pictures would not come
out good, but you were very wrong, they are great. I didn't want to show
you the pictures at first, but now I think it's time for you to see
them. Please look in the attachment and you will see what I mean.
I love you with all my heart, James.
Andrew
----- End ----
--
(6) It is easier to move a problem around (for example, by moving
the problem to a different part of the overall network
architecture) than it is to solve it.
(6a) (corollary). It is always possible to add another level of
indirection.
-- RFC 1925
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
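Detection logic for the lure Tireman describes, added here as an example and not code from anyone in the thread: it parses a mail message, matches the quoted lure phrases, and flags a zip attachment that contains a double-extension executable such as wendynaked.jpg.exe. The sample message and its placeholder payload are constructed; the phrase list and extension pattern are my own assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable hiding behind a harmless-looking extension, e.g. wendynaked.jpg.exe
DOUBLE_EXT = re.compile(r"\.(jpe?g|gif|png|txt|doc)\.(exe|scr|pif|com|bat)$", re.I)
# Phrases taken from the lure body quoted in the thread (assumed indicator set)
LURE_PHRASES = ("hello my dear mary", "please look in the attachment")

def inspect_attachment(name, data):
    """Flag double-extension executables, looking inside zip attachments."""
    findings = []
    if name.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if DOUBLE_EXT.search(member):
                        findings.append(f"double-extension executable in {name}: {member}")
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip attachment: {name}")
    elif DOUBLE_EXT.search(name):
        findings.append(f"double-extension executable attachment: {name}")
    return findings

def scan_message(raw):
    """Return a list of findings for one raw RFC 822 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    findings += [f"lure phrase: {p!r}" for p in LURE_PHRASES if p in text]
    for part in msg.iter_attachments():
        findings += inspect_attachment(part.get_filename() or "", part.get_payload(decode=True))
    return findings

def build_sample():
    """Constructed message mirroring the thread's description; payload is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wendynaked.jpg.exe", b"placeholder bytes, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Hello my dear Mary,\nPlease look in the attachment and you will see what I mean.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Private.zip")
    return bytes(msg)

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```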