Message-ID: <aaf6cdb904092712141861a6b@mail.gmail.com>
From: the.rxmr at gmail.com (the rxmr)
Subject: New virus?

----- Original Message -----
From: Bernardo Santos Wernesback <bernardo@....com.br>
Date: Mon, 27 Sep 2004 14:44:58 -0300
Subject: [Full-Disclosure] New virus?
To: full-disclosure@...ts.netsys.com

 
Hi everyone, 
  
Has anyone seen a lot of HTTP activity to a certain site:
http://www.fotosgratis.pop.com.br ?
  
One of our clients has several machines making tons of requests for
TXT files on that server:
  
botao.txt 
mswinsck.txt 
ita01.txt 
caixa01.txt 
teclado07.txt 
caixa01.txt 
caixa02.txt 
caixa03.txt 
caixa04.txt 
caixa05.txt 
  
Thanks for any info.

_____________________________________________________
Bernardo Santos Wernesback
ESSE, ESS, SCSE, CCNA/DA, CCSA, CQS, MCP
Consultant / ISH Tecnologia
Phone: +55-27-3334-8900
Mobile: +55-27-8111-0884
Email: bernardo@....com.br
PGP Fingerprint: 6A42 3701 70D7 FD0F 5FA9  D232 CDD4 6189 EF43 95F5

This should answer your questions.

It is a trojan - TROJ_BANCOS.BW or a variant.

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_BANCOS.BW

From the page:

"
Description:

This Trojan attempts to download the following image files in the
folder %Windows%\inf:

    * botao.bmp
    * caixa01.jpg
    * caixa02.jpg
    * caixa04.jpg
    * caixa05.jpg
    * ita01.jpg
    * teclado_05.jpg
    * teclado_07.jpg
    * teclado_gere03.jpg
    * teclado_gere04.jpg
    * teclado_gere05.jpg
    * teclado_gere06.jpg 
"
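A small detection script, added here as an example and not part of either message in the thread: it scans proxy log lines for the host named in the original question and the file names listed there and in the Trend Micro description, then reports clients that fetched several of them. The log format (`client host path`) and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict

# Indicators taken from the thread above: the server the infected clients
# contact and the file names requested there (the .txt names seen in the
# client's traffic plus the image names from the Trend Micro write-up).
BANCOS_HOST = "www.fotosgratis.pop.com.br"
BANCOS_NAME = re.compile(
    r"^/(botao|mswinsck|ita01|caixa0[1-5]|teclado_?(gere)?0[3-7])\.(txt|bmp|jpg)$",
    re.IGNORECASE,
)

# Constructed sample proxy log lines (hypothetical, not real traffic).
# Format assumed for this example: "<client-ip> <host> <path>".
SAMPLE_LOG = """\
10.0.0.15 www.fotosgratis.pop.com.br /botao.txt
10.0.0.15 www.fotosgratis.pop.com.br /mswinsck.txt
10.0.0.15 www.fotosgratis.pop.com.br /caixa01.txt
10.0.0.15 www.fotosgratis.pop.com.br /caixa01.txt
10.0.0.15 www.fotosgratis.pop.com.br /teclado07.txt
10.0.0.23 www.fotosgratis.pop.com.br /index.html
10.0.0.42 www.example.org /caixa01.txt
"""


def is_bancos_request(host, path):
    """True when a request matches both the host and a file-name indicator."""
    return host.lower() == BANCOS_HOST and BANCOS_NAME.match(path) is not None


def parse_line(line):
    """Split one log line into (client, host, path); None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2]


def find_infected(log_text, min_hits=2):
    """Return {client: sorted distinct indicator paths} for clients whose
    requests hit at least min_hits distinct indicator files on the host."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, host, path = rec
        if is_bancos_request(host, path):
            hits[client].add(path.lower())
    return {c: sorted(p) for c, p in hits.items() if len(p) >= min_hits}
```

Requiring several distinct indicator files per client keeps a single stray hit (a user browsing the site, or one filename appearing on an unrelated host) from raising an alert on its own.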