Message-ID: <000001c3fd8b$55970d30$0b0010ac@Casa.Local>
From: thalm at netcabo.pt (Tiago Halm)
Subject: FW: Fake Email (Update)

Got access to the attachment

(was blocked by Outlook XP, but after adding a String REG key -
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security\Level1Remove
- with value - exe - I got access to the attachment)

Size: 74142 bytes

Executed strings (ANSI and UNICODE) on it, but could not find anything
relevant.
Also ran DUMPBIN /ALL and saw only the following imports:

Section contains the following imports:

    KERNEL32.DLL
                44327C Import Address Table
                     0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                    0 LoadLibraryA
                    0 GetProcAddress
                    0 ExitProcess

    MSVBVM60.DLL
                44328C Import Address Table
                     0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                      Ordinal   581

Does anyone recognize something with this?
If someone needs the attachment, I'll send it zipped by email.

Regards,
Tiago Halm


-----Original Message-----
From: Tiago Halm [mailto:thalm@...cabo.pt] 
Sent: sexta-feira, 27 de Fevereiro de 2004 20:58
To: full-disclosure@...ts.netsys.com
Subject: Fake Email


Hi,

Just received an email from "me@...rosoft.com.ve" with an attachment
"remove-lsass_tool.exe"

Headers:
----------------------------------------------------------------------
Received: from smtp.netcabo.pt ([192.168.16.2]) by VS2.hdi.tvcabo with
Microsoft SMTPSVC(5.0.2195.6713);
	 Thu, 26 Feb 2004 15:37:49 +0000
Received: from OEMCOMPUTER.ve ([80.104.215.25]) by smtp.netcabo.pt with
Microsoft SMTPSVC(5.0.2195.6713);
	 Thu, 26 Feb 2004 10:46:22 +0000
From: me@...rosoft.com.ve
To: thalm@...cabo.pt
Subject: a trojan is on your computer!
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MSMail-Priority: Normal
Message-ID: <93210073709487.53933xsmail@...rosoft.com.ve>
MIME-Version: 1.0
Content-Type: multipart/mixed; 
     boundary="d7a124be6069b8e"
Return-Path: me@...rosoft.com.ve
X-OriginalArrivalTime: 26 Feb 2004 10:46:23.0617 (UTC)
FILETIME=[C6EA4F10:01C3FC55]
Date: 26 Feb 2004 10:46:23 +0000
----------------------------------------------------------------------

Content:
----------------------------------------------------------------------
hello, I am from Denmark and you'll don't believe me,
but a trojan horse in on your pc.
I've scanned the network-ports on the internet. (I know, that's illegal)
And I have found your pc. Your pc is open on the internet for everybody!
Because the lsass.exe trojan is running on your system.
Check this, open the task manager and try to stop that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!

greets
----------------------------------------------------------------------

Anyone else got this too? If so, has somebody made any analysis on the
attachment yet?
The attachment was blocked, so I don't have access to it :(

Regards,
Tiago Halm
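
The DUMPBIN listing quoted above explains on its own why strings and imports turned up nothing: KERNEL32 supplies only LoadLibraryA/GetProcAddress/ExitProcess, and the only other import is one MSVBVM60.DLL ordinal, the signature of a Visual Basic 6 program whose Win32 calls go through the VB runtime rather than the EXE's import table. The script below is an added example, not part of Tiago's post or of any tool he mentions: it parses that DUMPBIN import section (embedded as a constructed sample copied from the post) and prints the triage observations a reviewer would draw from it. The threshold of five named imports and the set of "loader primitives" are assumptions chosen for this example.

```python
import re
from typing import Dict, List

# Constructed sample: the DUMPBIN /ALL import section quoted in the post above,
# reproduced as the parser's input.
SAMPLE_DUMPBIN = """\
Section contains the following imports:

    KERNEL32.DLL
                44327C Import Address Table
                     0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                    0 LoadLibraryA
                    0 GetProcAddress
                    0 ExitProcess

    MSVBVM60.DLL
                44328C Import Address Table
                     0 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                      Ordinal   581
"""

Imports = Dict[str, List[str]]

_DLL_RE = re.compile(r"^\s*([\w.-]+\.dll)\s*$", re.IGNORECASE)
_NAME_RE = re.compile(r"^\s+[0-9A-Fa-f]+\s+([A-Za-z_]\w*)\s*$")  # "<hint> <symbol>"
_ORD_RE = re.compile(r"^\s+Ordinal\s+(\d+)\s*$")                  # import by ordinal

# Assumed set: the minimum a binary needs to resolve every other API by hand.
LOADER_PRIMITIVES = {"LOADLIBRARYA", "LOADLIBRARYW", "GETPROCADDRESS", "EXITPROCESS"}


def parse_dumpbin_imports(text: str) -> Imports:
    """Turn DUMPBIN's import listing into {DLL: [symbol, ...]}.
    Ordinal-only imports are recorded as '#<ordinal>'."""
    imports: Imports = {}
    current = None
    for line in text.splitlines():
        m = _DLL_RE.match(line)
        if m:
            current = m.group(1).upper()
            imports.setdefault(current, [])
            continue
        if current is None:
            continue
        m = _ORD_RE.match(line)
        if m:
            imports[current].append("#" + m.group(1))
            continue
        # Table-address lines carry multi-word labels, so they never match here.
        m = _NAME_RE.match(line)
        if m:
            imports[current].append(m.group(1))
    return imports


def triage_imports(imports: Imports) -> List[str]:
    """Static-triage observations that explain why the import table says so little."""
    findings: List[str] = []
    named = [s for syms in imports.values() for s in syms if not s.startswith("#")]
    k32 = {s.upper() for s in imports.get("KERNEL32.DLL", [])}
    if k32 and k32 <= LOADER_PRIMITIVES:
        findings.append("KERNEL32 imports are only loader primitives; "
                        "the real API set is resolved at run time")
    if "MSVBVM60.DLL" in imports:
        findings.append("links MSVBVM60.DLL: Visual Basic 6 program, so Declare'd Win32 "
                        "calls are resolved by the VB runtime and never appear here")
    ordinals = [f"{dll}{sym}" for dll, syms in imports.items()
                for sym in syms if sym.startswith("#")]
    if ordinals:
        findings.append("ordinal-only imports (no symbol names to search for): "
                        + ", ".join(ordinals))
    if len(named) <= 5:
        findings.append(f"only {len(named)} named imports in total; static analysis "
                        "needs a VB decompiler or a sandbox run")
    return findings


if __name__ == "__main__":
    table = parse_dumpbin_imports(SAMPLE_DUMPBIN)
    for dll, syms in table.items():
        print(dll, syms)
    for finding in triage_imports(table):
        print("-", finding)
```

Run against the quoted listing it reports the two DLLs, three named KERNEL32 symbols and MSVBVM60#581, then the four observations; the practical consequence is that neither strings nor the import table will name the APIs a VB6 sample actually calls, so the next step is a VB decompiler or running it in an isolated sandbox.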


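
The headers in the forwarded message already tell the origin story: the bottom Received line (the earliest hop) shows the mail entering smtp.netcabo.pt from a host announcing itself as OEMCOMPUTER.ve at a public address, which has nothing to do with the domain in the From line. The following is an added example, not code from the post, that walks a Received chain the way a mail-abuse analyst does: parse the hops, reverse them into chronological order, find the first hop from a public address, and compare its HELO name with the claimed sender domain. The headers are a constructed sample copied from the message, with continuation lines re-indented so the standard email parser accepts them; "me@example.com.ve" stands in for the sender address the archive redacts.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from ipaddress import ip_address
from typing import Dict, List, Optional

# Constructed sample: the Received chain quoted in the original message, with
# continuation lines indented as folded headers. The From address is a
# placeholder for the one the archive redacts.
SAMPLE_HEADERS = """\
Received: from smtp.netcabo.pt ([192.168.16.2]) by VS2.hdi.tvcabo with
   Microsoft SMTPSVC(5.0.2195.6713);
   Thu, 26 Feb 2004 15:37:49 +0000
Received: from OEMCOMPUTER.ve ([80.104.215.25]) by smtp.netcabo.pt with
   Microsoft SMTPSVC(5.0.2195.6713);
   Thu, 26 Feb 2004 10:46:22 +0000
From: me@example.com.ve
Subject: a trojan is on your computer!
Date: 26 Feb 2004 10:46:23 +0000

"""


@dataclass
class Hop:
    helo: str               # name the sending host announced in HELO/EHLO
    ip: str                 # address the receiving server actually saw
    by: str                 # receiving server
    when: Optional[datetime]


_HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[?([0-9A-Fa-f.:]+)\]?\)\s+by\s+(\S+)", re.I)


def parse_received(raw: str) -> List[Hop]:
    """Parse Received: headers into hops in chronological order (origin first)."""
    msg = message_from_string(raw)
    hops: List[Hop] = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = _HOP_RE.search(flat)
        if not m:
            continue                              # not a 'from X (ip) by Y' hop
        when = None
        if ";" in flat:
            try:
                when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                pass
        hops.append(Hop(m.group(1), m.group(2), m.group(3), when))
    hops.reverse()   # each relay prepends its header, so file order is newest first
    return hops


def origin_hop(hops: List[Hop]) -> Optional[Hop]:
    """First hop whose source address is public: where the mail entered from outside."""
    for hop in hops:
        try:
            if ip_address(hop.ip).is_global:
                return hop
        except ValueError:
            continue                              # unparsable address, skip it
    return None


def check_sender(raw: str) -> Dict[str, object]:
    """Compare the claimed From domain with the host that actually injected the mail."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = parse_received(raw)
    origin = origin_hop(hops)
    helo = origin.helo.lower() if origin else ""
    transit = None
    if hops and hops[0].when and hops[-1].when:
        transit = int((hops[-1].when - hops[0].when).total_seconds())
    return {
        "sender_domain": sender_domain,
        "origin_helo": origin.helo if origin else None,
        "origin_ip": origin.ip if origin else None,
        "helo_matches_sender_domain": bool(origin) and (
            helo == sender_domain or helo.endswith("." + sender_domain)),
        "transit_seconds": transit,
    }


if __name__ == "__main__":
    for key, value in check_sender(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

The origin hop is OEMCOMPUTER.ve at 80.104.215.25, a name that does not sit under the claimed sender domain, and the 192.168.16.2 hop is skipped as internal relay traffic. The transit time between the two hops (nearly five hours) is reported rather than judged, since a long internal queue and a forged timestamp look the same from the headers alone.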