[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAABIzwuK9Z1RGJWgABAh70LiKDAAAQAAAAhKWUrcgl8Ui50AocFcb7IQEAAAAA@abc.gr>
From: dchontzo at abc.gr (Chontzopoulos Dimitris)
Subject: MCAFEE E-MAIL SCAN ALERT!~RE: NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT
McAfee says <W32/Gaobot.worm.gen.j>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Michael Young
> Sent: Thursday, June 24, 2004 5:39 PM
> To: 'Peter Kosinar'; full-disclosure@...ts.netsys.com
> Subject: MCAFEE E-MAIL SCAN ALERT!~RE: [FULL-DISCLOSURE] NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT
>
>
> Attachment file : VDisp.save
> Virus name: W32/Gaobot.worm.gen.j
> Action taken : Unable to Clean...
>
> Attachment file : VDisp.save
> Virus name: W32/Gaobot.worm.gen.j
> Secondary Action taken : Moved...
>
> Thank you for bringing that to my attention. Here is the attachment.
> Again, rename to .exe
>
> -----Original Message-----
> From: Peter Kosinar [mailto:goober@....sk]
> Sent: Thursday, June 24, 2004 10:36 AM
> To: Michael Young
> Subject: Re: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
>
> > creates a registry entry in RunServices and Run to load. I am anxious to
> > hear any feedback anyone has regarding this issue as we are still
> attempting
> > to reduce network traffic and alleviate any remaining issues. I have
> > attached a copy of the executable (rename to .exe).
>
> Are you sure you didn't forget to attach the attachment ? Or was it
> stripped from the mail somewhere on the route ?
>
> Your sincerely,
>
> Peter Kosinar
>
Powered by blists - more mailing lists