| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <004d01c3bf4e$6773ea30$7800a8c0@michixp> From: security at astrobox.net (Michael Bemmerl) Subject: Re: New Virus? ----- Original Message ----- From: "Nick FitzGerald" <nick@...us-l.demon.co.uk> Subject: [Full-Disclosure] Re: New Virus? > > Finally, the URLs you supplied in full all seem to be truly dead now, > but whatever it is could be being spread through multiple vectors and > multiple sites, so getting samples to those who can distribute > detection as far and fast as possible shold always be a priority with > such things, rather than something you think about after exhasusting > your own investigations... the same procedure: I got today at 1:03 pm from #229996748 a msg. In her details is a working URL with the same system, a fake 404-Error-message, dn.php (that acts as a .hta), that generates via VBScript a q.vbs, which downloads 3.jpg, which is an exe, etc. This URL works: http://www.daytalker.de/pics/Julia.htm
Powered by blists - more mailing lists