Message-ID: <ufzn54xev8.fsf@devnull.wylie.me.uk>
From: alan at wylie.me.uk (Alan J. Wylie)
Subject: New virus

On Mon, 9 Aug 2004 13:03:54 -0600, "Jonathan Grotegut" <jgrotegut@...ectpointe.com> said:

> (In regards to new_price.zip file attachment) Anyone have any idea
> what this is, we had some clients just get pretty hard with this
> email.  I am unable to find anything on it, from my VERY Limited
> knowledge it appears to be a virus exploiting one of the many holes
> in IE.  Anyone else see anything on this yet?

ClamAV picked it up quickly - a freshclam at Aug 9 17:54 UCT included
its signature, after the first two to hit me didn't get trapped.

<http://isc.sans.org/diary.php?date=2004-08-09>

<cite>
Handler's Diary August 9th 2004
Updated August 9th 2004 18:59 UTC
* New Bagle (?) Variant Spreading

    New Bagle Variant Spreading

    (PRELIMINARY)

    We received a number of reports about a new virus. Based on a
    quick string analysis, we assume that this will be classified as a
    new member of the 'Bagle' family. Like prior versions, it includes
    a lengthy list of URLs. Infected systems will likely attempt to
    contact these URLs.

    All samples received so far arrive without subject. Attachment
    names are price2.zip, new__price.zip, 08_price.zip, and likely
    others. The text reads 'price' or 'new price'.

    According to handler Tom Liston, the virus installs itself as
    C:\WINDOWS\System32\WINdirect.exe and runs from
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win_upd2.exe
</cite>

-- 
Alan J. Wylie                                          http://www.wylie.me.uk/
"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
  -- Antoine de Saint-Exupery

