lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <002101c472bd$729d66c0$b913400a@msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: [ok] Possible Virus/Trojan

It is a very smooth idea if it is a new e-mail worm. I haven't been able to
find any information from any AV companies on something like this. If it is
some kiddie trying to be smooth with me, this could be a new technique to
come.

-----Original Message-----
From: Andrew Farmer [mailto:andfarm@...novis.com] 
Sent: Sunday, July 25, 2004 6:06 PM
To: Curt Purdy
Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles'
Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan

On 25 Jul 2004, at 12:06, Curt Purdy wrote:
> Todd Towles  wrote:
>> I received an e-mail today that looked very much like a virus. Here 
>> is the message
>>
>> Attachment - erupts.avi.exe
>
>> Subject - New Southern California wildfire erupts
>
> <snip>
>
>> Either this is a new Trojan that changes it body and subject based on 
>> the current  AP  news or someone used a very lame trick against me. 
>> =)
>
> I'm guessing the latter.  Although story scraping would be possible,
> intellegent naming of the .exe would not be.  Most likely a friend... 
> or
> enemy.

Sure it would be. In this case, at least, the executable is just named 
based on the last word of the headline plus ".avi.exe".

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ