Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4nMfdrDfzUmGWYpeSwubl8KAAAAQAAAAAccRh+EweU2ydDNCx66ZvgEAAAAA@uni.de>
From: iss at uni.de (iss@....de)
Subject: AW: FW: Fake Email (Update)

Knock Knock,

I'm Sober.C

Yes, I'm a virus/worm. I spread via file sharing on peer-to-peer networks and by emailing.

Just have a look at http://www.sophos.com/virusinfo/analyses/w32soberc.html and close this thread.

ISS

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Nick FitzGerald
Sent: Saturday, 28 February 2004 03:21
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] FW: Fake Email (Update)

"Tiago Halm" <thalm@...cabo.pt> wrote:

<<snip>>
> Size: 74142 bytes
>
> Executed strings (ANSI and UNICODE) on it, but could not find anything
> relevant.

Because it is compressed -- at runtime a stub routine decompresses the bulk of the .EXE file into memory, fixes things up and then starts "normal" execution of the program...

> Also ran DUMPBIN /ALL and saw only the following imports:
>
> Section contains the following imports:
>
> KERNEL32.DLL
<<snip>>
> MSVBVM60.DLL
<<snip>>
> Does anyone recognize something with this?

From the above and earlier clues, it sounds like it should be Sober.C (or perhaps a similar, new Sober variant?). Does a reliable, up-to-date virus scanner detect it?

> If someone needs the attachment, I'll send it zipped by email.

If it is not detected by major virus scanners, send a sample to their developers. No-one else "needs" it...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
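Added example, not part of the original thread: a sketch of why a strings pass over a runtime-compressed file shows nothing relevant while the import names stay readable, and how byte entropy flags the compression. Assumptions: zlib stands in for the unnamed compressor, and the sample bytes and marker strings are constructed.

```python
import hashlib
import math
import re
import zlib
from collections import Counter

def strings(data, min_len=6):
    """Printable runs as a strings tool reports them: ANSI, then UTF-16LE."""
    ansi = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return [s.decode("ascii") for s in ansi] + [s.decode("utf-16-le") for s in wide]

def entropy(data):
    """Shannon entropy in bits per byte; compressed data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed sample, not a real binary: import names the loader must be able
# to read, plus a program body holding the strings an analyst would look for.
STUB_IMPORTS = b"KERNEL32.DLL\x00MSVBVM60.DLL\x00"
MARKERS = ["constructed-ansi-marker", "constructed-unicode-marker"]

def build_body():
    filler = b"\n".join(hashlib.sha256(bytes([i])).hexdigest().encode() for i in range(200))
    return MARKERS[0].encode() + b"\x00\x00" + MARKERS[1].encode("utf-16-le") + b"\x00\x00" + filler

def pack(body):
    """Assumption: zlib stands in for the unnamed runtime compressor."""
    return STUB_IMPORTS + zlib.compress(body, 9)

def unpack(packed):
    """What the stub does in memory before normal execution starts."""
    return zlib.decompress(packed[len(STUB_IMPORTS):])

def triage(data):
    found = strings(data)
    return {
        "markers": [m for m in MARKERS if any(m in s for s in found)],
        "imports": [s for s in found if s.endswith(".DLL")],
        "entropy": round(entropy(data), 2),
    }

if __name__ == "__main__":
    packed = pack(build_body())
    print("packed  :", triage(packed))
    print("unpacked:", triage(unpack(packed)))
```

Any short printable runs that turn up in the packed bytes are chance noise from the compressed stream, which is why the triage reports only the markers and import names.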