lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: media-motor.net

file is a MSVB exe, here are some fun strings from the binary...
( spyware, but not a trojan )

http://www.maxmind.com:8010/a?l=PeAyF1sgrZYw&i=\tempf.txt
\usta32.ini
http://mmm.media-motor.net/bundle.php?aff=\affbun.txt
  phases
  sewers
  outers
c:\asdf.txt
randomdll
mydll
randomocx
 \regsvr32 /s 
 randomexe
myexe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  uinstaller
  unstall.exe
 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
  DisplayName
  Media-motor
\unstall.exe
http://logs.media-motor.net/log3.php?c=&what=newinstall&aff=&country=
 \tempf2.txt
&what=dupinstall&aff=

> anyone familiar with this group (media-motor.net/Roings.com) ? they
> seem to be sending downloader.trojan files to unsuspecting people
> using everyone.net webmail accounts.
> http://mmm.media-motor.net/soft/default.exe
> the webmail i discovered it on was from sunguru.com

> tries to download that file everytime i log in or log out.?
proally using IE huh?????

fun stuff,
m.w

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ