[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.0.3.0.0.20040401000923.10b29c60@209.112.4.2>
From: mike at sentex.net (Mike Tancsa)
Subject: Encrypted document
I think this is bagle.n no ? Both NAI and f-prot see it as that.
---Mike
At 10:22 PM 31/03/2004, Alerta Redsegura wrote:
>Interesting one.
>Kaspersky antivirus says it is "bvblpiewo.exe Suspicion: PSW-Worm".
>
>Supposing the message was automatically generated and not manually
>crafted, the bmp-contained password is an interesting feature.
>
>I?igo Koch
>redsegura.com
>
>
>
>De: full-disclosure-admin@...ts.netsys.com
>[mailto:full-disclosure-admin@...ts.netsys.com]En nombre de
>ge@...tistical.reprehensible.net
>Enviado el: mi?rcoles 31 de marzo de 2004 22:18
>Para: full-disclosure@...ts.netsys.com
>Asunto: [Full-Disclosure] Encrypted document
>Please, have a look at the attached file.
>
>In order to read the attach you have to use the following password:
>6921caf.bmp
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6921caf.bmp
Type: application/octet-stream
Size: 2094 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040401/017c2b98/6921caf.obj
Powered by blists - more mailing lists