lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAABIzwuK9Z1RGJWgABAh70LiKDAAAQAAAAhKWUrcgl8Ui50AocFcb7IQEAAAAA@abc.gr>
From: dchontzo at abc.gr (Chontzopoulos Dimitris)
Subject: MCAFEE E-MAIL SCAN ALERT!~RE: NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT

McAfee says <W32/Gaobot.worm.gen.j>

>  -----Original Message-----
> From: 	full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]  On Behalf Of Michael Young
> Sent:	Thursday, June 24, 2004 5:39 PM
> To:	'Peter Kosinar'; full-disclosure@...ts.netsys.com
> Subject:	MCAFEE E-MAIL SCAN ALERT!~RE: [FULL-DISCLOSURE] NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT
>
>
> Attachment file : VDisp.save
> Virus name: W32/Gaobot.worm.gen.j
> Action taken : Unable to Clean...
>
> Attachment file : VDisp.save
> Virus name: W32/Gaobot.worm.gen.j
> Secondary Action taken : Moved...
>
> Thank you for bringing that to my attention.  Here is the attachment.
> Again, rename to .exe
>
> -----Original Message-----
> From: Peter Kosinar [mailto:goober@....sk]
> Sent: Thursday, June 24, 2004 10:36 AM
> To: Michael Young
> Subject: Re: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
>
> > creates a registry entry in RunServices and Run to load.  I am anxious to
> > hear any feedback anyone has regarding this issue as we are still
> attempting
> > to reduce network traffic and alleviate any remaining issues.  I have
> > attached a copy of the executable (rename to .exe).
>
> Are you sure you didn't forget to attach the attachment ? Or was it
> stripped from the mail somewhere on the route ?
>
> Your sincerely,
>
> Peter Kosinar
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ