Message-ID: <BAY7-DAV2783wxnGKen00020756@hotmail.com>
From: helmut_hauser at hotmail.com (Helmut Hauser)
Subject: Virus Thread Netsky.D and Quick analysis

Netsky.D is rapidly spreading ...

Quick analysis:
Packed with the Petite exe Packer V2.2
Tries to infect the following drives and/or network shares:
z:  y:  x:  w:  v:  u:  t:  s:  r:  q:  p:  o:  n:  m:  l:  k:  j:  i:  h:
g:  f:  e:  d:  c:
Has following IP addresses built in:

Interesting string: be aware! Skynet.cz - -->AntiHacker Crew<-- 

Installs itself at
CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
SOFTWARE\Microsoft\Windows\CurrentVersion\Run    -stealth   winlogon.exe
System\CurrentControlSet\Services\WksPatch
Software\Microsoft\Windows\CurrentVersion\Explorer\PINF Sentry  OLE service
au.exe  d3dupdate.exe

Was signed by skoorpio@...oo.com

Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123
http://www.intraplan.de

