Message-ID: <4059F062.10850.29A6FC8@localhost>
From: rslade at sprint.ca (Rob, grandpa of Ryan, Trevor, Devon & Hannah)
Subject: New Virus probably Bagle.Q

From:           	"Helmut Hauser" <helmut_hauser@...mail.com>
Date sent:      	Thu, 18 Mar 2004 11:08:44 +0100

> link to virus is ...
> http://blah.blah.blah:81/100721.php

The php is a dead giveaway: this is probably Bagle.Q et al.  (The message probably 
had object tags around this, correct?)  The infected machine will download a 
script: the script will download a (seemingly innocuous) file, and then rename it 
and invoke it.  Then *you* start sending out email like that  :-)

> Host is in Korea, abuse warning has been sent.

Have you also contacted the ISP?  The machine owner is probably unaware of 
what is going on.  (The samples I've got are from Korea as well.)


======================  (quote inserted randomly by Pegasus Mailer)
rslade@....bc.ca      slade@...toria.tc.ca      rslade@....soci.niu.edu
Those are my principles. If you don't like them I have others.
                                                      - Groucho Marx
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
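
Added example, not part of the original message: a mail-filter heuristic for the pattern discussed above, flagging HTML mail whose object tags point at a .php URL on an explicit non-web port (such as the :81 in the quoted link). The `data`/`codebase` attribute names, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a captured one); host names are placeholders.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<object data="http://host.example:81/100721.php"></object>
<object data="http://www.example.org/clip.swf"></object>
<a href="http://host.example:81/page.php">ordinary link</a>
</body></html>
"""

class ObjectRefs(HTMLParser):
    """Collect URLs carried by <object> tags (assumed: data/codebase attributes)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":
            self.urls += [v for k, v in attrs if k in ("data", "codebase") and v]

def suspicious_object_urls(raw_message):
    """Return object-tag URLs with an explicit non-web port and a .php path."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        refs = ObjectRefs()
        refs.feed(body.decode("latin-1"))  # latin-1 never fails to decode
        for url in refs.urls:
            parts = urlsplit(url)
            try:
                port = parts.port
            except ValueError:  # malformed port: skip rather than crash the filter
                continue
            if port not in (None, 80, 443) and parts.path.lower().endswith(".php"):
                hits.append(url)
    return hits

if __name__ == "__main__":
    print(suspicious_object_urls(SAMPLE))
```

A hit is a reason to quarantine and inspect the message, not proof of infection; plain links to the same URL are deliberately ignored because only object tags are fetched without a click.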

