lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <ELEOLHOJFMBPBFCJHOCICEPFFAAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya , ALD [ Aditya Lalit Deshmukh ])
Subject: Possible New Malware....

Blankdo you know that www.slimeware.com is a paranody site with no real coproation behind it, the fellow who wrote this program has a real good sence of humor 




    -----Original Message-----
  From: Swearingen, Bill W [CC] [mailto:bill.p.swearingen@...l.sprint.com]
  Sent: Tuesday, August 24, 2004 01:01 AM
  To: ald2003@...rs.sourceforge.net; full-disclosure-admin@...ts.netsys.com
  Subject: RE: [Full-Disclosure] Possible New Malware....
  Sensitivity: Confidential


  Taking a look at RunDLL32e.txt shows the name "slimeware corp"

  Doing a google search I found http:// www. slimeware. com/downloads.htm

  In their License Agreement they state this:

  *  This is a legally binding agreement between yourself "you" and Slimeware Corporation "Slimeware".

  < OTHER DETAILS SNIPPED> 





------------------------------------------------------------------------------
  From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Aditya , ALD [ Aditya Lalit Deshmukh ]
  Sent: Monday, August 23, 2004 10:04 AM
  To: Full-Disclosure@...ts. Netsys. Com
  Subject: [Full-Disclosure] Possible New Malware....
  Importance: High
  Sensitivity: Confidential


  Hi List, Possible new malware makes startup entries and copies itself to the windows folder this is where it was found, creates a CurruntPowerProfile reg startup key with a value of Rundll32.exe,powrprof.dll,LoadCurrentPwrScheme2.exe cant find anything else that it is doing except that it is written in VB anyone willing to have a look at it ? the files are attached as they are just ~ 40 KB  -aditya ( simply ren *.txt to *.exe ) 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040824/5f2a571a/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 145 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040824/5f2a571a/attachment.gif

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ