Open Source and information security mailing list archives
 
Message-ID: <BAY10-DAV1XI3acH0xx00015b9b@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: media-motor.net

file is an MSVB exe, here are some fun strings from the binary...
( spyware, but not a trojan )

http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
  phases
  sewers
  outers
c:\asdf.txt
randomdll
mydll
randomocx
 \regsvr32 /s 
 randomexe
myexe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  uinstaller
  unstall.exe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
  DisplayName
  Media-motor
\unstall.exe
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
 \tempf2.txt
&what=dupinstall&aff=

> anyone familiar with this group (media-motor.net/Roings.com) ? they
> seem to be sending downloader.trojan files to unsuspecting people
> using everyone.net webmail accounts.
> http://mmm.media-motor.net/soft/default.exe
> the webmail i discovered it on was from sunguru.com

> tries to download that file every time i log in or log out.?
probably using IE huh?????

fun stuff,
m.w

