lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407261853.i6QIr9J8017206@ns2.mmicman.com>
From: support at mmicman.com (Edward Ray)
Subject: [ok] Possible Virus/Trojan

Got something similar to that a few days ago on another mailing list,
informing me Arnold Schwarzenegger hung himself last night.  the file was a
*.exe.html, or *.html.exe

  _____  

From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles
Sent: Sunday, July 25, 2004 8:03 PM
To: 'Curt Purdy'; 'Mailing List - Full-Disclosure'
Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan



I would say that the latter is the more likely, but the message came from a
hotmail account. Doesn't hotmail check attachments? I didn't look at the
headers really so spoofing is possible. I am getting a copy to a research
company so I can get some more answers maybe.

 

-----Original Message-----
From: Curt Purdy [mailto:purdy@...man.com] 
Sent: Sunday, July 25, 2004 2:07 PM
To: 'Todd Towles'; 'Mailing List - Full-Disclosure'
Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan

 

Todd Towles  wrote:

> I received an e-mail today that looked very much like a virus. Here is the
message 

>

> Attachment - erupts.avi.exe

>

> Subject - New Southern California wildfire erupts

<snip> .

>

> Either this is a new Trojan that changes it body and subject based on the
current  AP  news or someone used a very lame trick against me. =)  

 

I'm guessing the latter.  Although story scraping would be possible,
intellegent naming of the .exe would not be.  Most likely a friend... or
enemy.

 

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040726/5c05fdb9/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ