Message-ID: <9E97F0997FB84D42B221B9FB203EFA2701426D27@dc1ms2.msad.brookshires.net>
Date: Mon Aug 15 17:29:37 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: Virus Outbreak Attacking MS05-039 WIN2K
That is very possible, but an "update" would have to be made to the bot
client to get this webserver on the box with a phishing site. So why not
just wait and do the DNS poison when the website is up and working,
instead of before...this just tells people that something is wrong.
It doesn't help the worm, it is just leftover junk from the Mytob - as
Joe pointed out.
-Todd
________________________________
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jan
Nielsen
Sent: Monday, August 15, 2005 11:14 AM
To: full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
Perhaps the next phase of the virus is a phishing attack to get
people to go to a local webserver initiated by the virus to capture
login/credentials from those sites?
Jan
-----Original Message-----
From: Andrew Smith [mailto:andrew.rse@...il.com]
Sent: 15. august 2005 17:27
To: Mike
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
Can anyone explain why this virus chooses to block ebay, amazon
and paypal?
This seems foolish if the intention is to remain on the
compromised host unnoticed.