| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY12-F100BEr8pkpLk00002f9e@hotmail.com> From: randnut at hotmail.com (first last) Subject: Quick Analysis of Netsky-B >The Viruswriter seems to be from Germany > >The string skynet@...net.de >AdmSkynetJklS003 >can be found inside the virus code >the IP 217.5.100.1 is a dial up from the german Telekom: DTAG-DIAL13 >one of the attatchment names refers to a german explicit "movie star" It's very easy to fake that kind of stuff, but most virus writers don't seem to do that so yes he (yes, I assume it's a guy) is probably german or at least knows some german. >Nothing new as I can see, When people realize that you can make lots of money with a successful virus, you're going to see more advanced viruses written by professionals. >packed with upx, UDP packet sender, SMTP Routine, >tries to install itself as a service, tries to infect network shares and >file sharing ... business as usual. >the only not so harmless function is: Kernel32.DeleteFilaA That function is used to delete a temporary file, namely the zip file it emails to a random email address it finds on the hd. _________________________________________________________________ Find and compare great deals on Broadband access at the MSN High-Speed Marketplace. http://click.atdmt.com/AVE/go/onm00200360ave/direct/01/
Powered by blists - more mailing lists