lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: the.rxmr at gmail.com (the rxmr)
Subject: New virus?

On Mon, 27 Sep 2004 14:44:58 -0300, Bernardo Santos Wernesback
<bernardo@....com.br> wrote:
>  
> Hi everyone, 
>   
> Has anyone seen a lot of HTTP activity to a certain site: http://www.fotosgratis.pop.com.br ? 
>   
> One of our clients has several machines making tons of requests for TXT files on that server: 
>   
> botao.txt 
> mswinsck.txt 
> ita01.txt 
> caixa01.txt 
> teclado07.txt 
> caixa01.txt 
> caixa02.txt 
> caixa03.txt 
> caixa04.txt 
> caixa05.txt 
>   
> Thanks for any info., 
>  
>  
> 
> _____________________________________________________ 
>  
> 
> Bernardo Santos Wernesback 
> 
>  
>  
> 
> ESSE,ESS,SCSE,CCNA/DA, 
>  
> 
> CCSA,CQS,MCP 
>  
> 
>   
>  
> 
> 
> Consultant / ISH Tecnologia  
> 
>   
>  
> 
> Phone: +55-27-3334-8900 
> 
>  
>  
> 
> Mobile: +55-27-8111-0884 
>  
> 
> Email: bernardo@....com.br 
> 
>   PGP Fingerprint:
>    6A42 3701 70D7 FD0F 5FA9  D232 CDD4 6189 EF43 95F5  
>   

I should also mention that the file "mswinsck.txt" is found on
machines compromised by these two:

W95/Music@M
http://vil.nai.com/vil/content/v_98889.htm

and

Helios
http://www.pestpatrol.com/pestinfo/h/helios.asp

Another interesting link I found was this one, but I can't translate it:
http://big5.pconline.com.cn/b5/www.pconline.com.cn/pcedu/soft/virus/da/0409/449519.html


Powered by blists - more mailing lists