Message-ID: <OFAA876F09.4F1CC7A7-ONC1256EAD.00359F8C-C1256EAD.0035AE42@wave-solutions.com>
From: christoph.gruber at wave-solutions.com (Christoph Gruber)
Subject: another new worm submission
Many virus filters filter *.reg files, so here is the TXT version:
--
Christoph Gruber, Security WAT1SE
WAVE Solutions Information Technology GmbH
Nordbergstrasse 13, A - 1090 Wien, Austria
christoph.gruber@...e-solutions.com
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B
full-disclosure-admin@...ts.netsys.com wrote on 08.06.2004 10:39:46:
>
> but I forgot to attach it:
>
>
>
> --
> Christoph Gruber, Senior Security Architect
> WAVE Solutions Information Technology GmbH
> Nordbergstrasse 13, A - 1090 Wien, Austria
> christoph.gruber@...e-solutions.com
> Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
> PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B
>
> full-disclosure-admin@...ts.netsys.com wrote on 07.06.2004 14:06:21:
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Josh wrote 04.06.2004 21:11:26:
> >
> > > http://www.detroit-x.com/analysis.htm
> > >
> > > This is something we found this morning. I have packet captures
> > > that I will post.
> > > I have attached the infected files found with FPORT and also
> > > registry entries.
> > >
> > > We found this rebooting machines with the LSASS.exe error similar
> > > to Sasser. As of 6/4/2004 we found no virus defs to pick it up.
> > >
> > >
> > > Joshua Perrymon
> > > Sr. Network Security Consultant
> >
> > Hi there!
> >
> > There is another Registry-entry:
> >
> >
> > Cheers!
> >
> > - --
> > Christoph Gruber, Senior Security Architect
> > WAVE Solutions Information Technology GmbH
> > Nordbergstrasse 13, A - 1090 Wien, Austria
> > christoph.gruber@...e-solutions.com
> > Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
> > PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> >
> > iQA/AwUBQMRaFkNayFxVjtQrEQKmYwCg4ufJbS1o/5/C73FUSzBQ+D77OXsAoMLD
> > 82mFBEHVI5D0bGtwTIoLQx9G
> > =SKaL
> > -----END PGP SIGNATURE-----
> [Attachment "reg1.reg" deleted by Christoph Gruber/DSI/AT]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040608/58db03bb/attachment.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: reg1.reg.txt
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040608/58db03bb/reg1.reg.txt