Message-ID: <OF01F5B98D.37EB6787-ONC1256EAD.002F80BF-C1256EAD.002F9417@wave-solutions.com>
From: christoph.gruber at wave-solutions.com (Christoph Gruber)
Subject: another new worm submission
but I forgot to attach it:
--
Christoph Gruber, Senior Security Architect
WAVE Solutions Information Technology GmbH
Nordbergstrasse 13, A - 1090 Wien, Austria
christoph.gruber@...e-solutions.com
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B
full-disclosure-admin@...ts.netsys.com wrote on 07.06.2004 14:06:21:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Josh wrote 04.06.2004 21:11:26:
>
> > http://www.detroit-x.com/analysis.htm
> >
> > This is something we found this morning. I have packet captures
> > that I will post.
> > I have attached the infected files found with FPORT and also
> > registry entries.
> >
> > We found this rebooting machines with the LSASS.exe error similar
> > to Sasser. As of 6/4/2004 we found no virus defs to pick it up.
> >
> >
> > Joshua Perrymon
> > Sr. Network Security Consultant
>
> Hi there!
>
> There is another Registry-entry:
>
>
> Cheers!
>
> - --
> Christoph Gruber, Senior Security Architect
> WAVE Solutions Information Technology GmbH
> Nordbergstrasse 13, A - 1090 Wien, Austria
> christoph.gruber@...e-solutions.com
> Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
> PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQMRaFkNayFxVjtQrEQKmYwCg4ufJbS1o/5/C73FUSzBQ+D77OXsAoMLD
> 82mFBEHVI5D0bGtwTIoLQx9G
> =SKaL
> -----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reg1.reg
Type: application/octet-stream
Size: 268 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040608/50cc6171/reg1.obj