Open Source and information security mailing list archives
Message-ID: <BAY7-DAV2783wxnGKen00020756@hotmail.com>
From: helmut_hauser at hotmail.com (Helmut Hauser)
Subject: Virus Thread Netsky.D and Quick analysis

Netsky.D is rapidly spreading ...

Quick analysis:

Packed with the Petite exe Packer V2.2

Tries to infect the following drives and/or network shares:

z: y: x: w: v: u: t: s: r: q: p: o: n: m: l: k: j: i: h: g: f: e: d: c:

Has following IP addresses built in:

Interesting string:

be aware! Skynet.cz - -->AntiHacker Crew<--

Installs itself at

CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-stealth winlogon.exe
System\CurrentControlSet\Services\WksPatch
Software\Microsoft\Windows\CurrentVersion\Explorer\PINF
Sentry OLE service au.exe d3dupdate.exe

Was signed by skoorpio@...oo.com

Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123
http://www.intraplan.de