Message-ID: <200403031118.i23BIKP04053@netsys.com>
From: surya at nsecure.net (Suresh Ponnusami)
Subject: Backdoor not recognized by Kaspersky

Another variant against the Netsky virus. It is packed with UPX.

It spreads with the password protected zip file, which gets bypassed through almost all the AV scanners with latest signature updates because no AV can decrypt it without the password (though the password is in the message content); we humans tend to open it after reading the message.

OK, the analysis of the virus.

* Known as Beagle.H and another variant is Beagle.I
* McAfee identifies it as W32/Bagle.gen@MM
* Packed with UPX
* Contains in-built SMTP server
* Creates authentic-looking smart messages which might _trick_ most people to execute the content. (But when will users get the knowledge about security??) :((
* Random zip password generation (all the passwords are 5-6 digits)
* Contains "'Hey, NetSky, f**k off you b*t*h, don''t ruine our bussiness, wanna start a war?'"
* Connects and downloads the password protected zip from http://postertog.de/scr.php or http://www.gfotxt.net/scr.php or from http://www.maiklibis.de/scr.php or from http://151.201.0.39/ All the hosts were down at the time of this mail.
* Does not contain any dangerous payload and performs other common virus thingies.
* Auto starts via SOFTWARE\Microsoft\Windows\CurrentVersion\Run open

Update your AV to the latest signatures. Do not open anything that does not make any sense to you, even if it is from any known person. Especially when the zip contains files with .pif, .scr, .exe, .com extensions and any other executable attachments.

- Suresh Ponnusami,
Information Security Consultant,
nSecure Software (P) Ltd.
INDIA

----- Original Message -----
From: "Kristian Hermansen" <khermansen@...technology.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, 03 March, 2004 04:04 AM
Subject: [Full-Disclosure] Backdoor not recognized by Kaspersky

> Attached backdoor not recognized by Kaspersky or Norton 2004? I received
> this file recently, but Kaspersky did not detect malicious code. Wondering
>
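Added example, not part of the original message or thread: a mail-gateway style check for the case described above, a password-protected zip whose contents a scanner cannot read but whose member names and encryption flag remain visible. The function names `triage_zip` and `sample_zip` and the verdict labels are hypothetical, and the sample archives are constructed inline.

```python
import io
import struct
import zipfile

RISKY_EXT = (".pif", ".scr", ".exe", ".com")  # extensions named in the post
ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member data is encrypted


def triage_zip(data: bytes) -> dict:
    """Classify a ZIP attachment without its password (hypothetical helper).

    Traditional ZIP encryption covers member contents only, so the central
    directory still exposes each member's name and flag bits.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return {"verdict": "unparseable", "encrypted": [], "risky": []}
    encrypted = [i.filename for i in infos if i.flag_bits & ENCRYPTED]
    risky = [i.filename for i in infos if i.filename.lower().endswith(RISKY_EXT)]
    if set(encrypted) & set(risky):
        verdict = "quarantine"  # unscannable content with an executable name
    elif encrypted:
        verdict = "hold"        # scanner cannot see inside; needs review
    else:
        verdict = "scan"        # contents readable, normal AV scan applies
    return {"verdict": verdict, "encrypted": encrypted, "risky": risky}


def sample_zip(name: str, encrypted: bool) -> bytes:
    """Constructed sample: one harmless member; the encryption flag is set by
    patching the headers, no cipher is applied."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"harmless placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field offset: 6 in the local header, 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            struct.pack_into("<H", raw, raw.find(sig) + off, ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in (("details.scr", True), ("notes.txt", True), ("notes.txt", False)):
        print(name, enc, triage_zip(sample_zip(name, enc))["verdict"])
```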