lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050808133901.i2xig1tl6uas4cgs@mail.doctorunix.com>
Date: Mon Aug  8 19:39:21 2005
From: trains at doctorunix.com (trains@...torunix.com)
Subject: What is this

Quoting Armando Rogerio Brand?o Guimaraes Junior <arjunior@...ps.com.br>:

> Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot doesn?t detect!!!
>
> Armando Guimar?es Jr

It is an MS-EXE executable program.  Anti virus doesn't find it because 
it is not an virus.  Spybot for the same reason.  To block these you 
need an smtp policy that does not allow executable attachments to 
incoming emails.

"What it does" could be anything from typing "hello world" in a dialog 
box (unlikely) to creating a new Administrator account on your 
corporate AD server and posting the entire contents thereof to an IRC 
channel (somewhat more likely).  But at first glance it looks like it 
is going to open a backdoor shell on the recipient's PC.

tc



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ