lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Nov 23 21:40:25 2005
From: paul.craig at security-assessment.com (Paul Craig)
Subject: Virus infections

The CIA thinks I have been going to illegal websites? What the?

The worm is packed with upx, with the section names changed. I unpacked the
exe and rebuilt the iat, if you want to grab a copy to analyze, get it from
www.pimp-industries.com/nasty.bin

I wonder how many old hippies have fallen for the old "dude, the CIA are
after you" line.




Paul Craig
Security Consultant
Security-Assessment.com

 


CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. They
may also be privileged or otherwise protected from disclosure. If you are
not the intended recipient, advise the sender and delete this message and
any attachment from your system. If you are not the intended recipient, you
are not authorised to use or copy this message or attachment or disclose the
contents to any other person. Views expressed are not necessarily endorsed
by Security-Assessment.com Limited. Please note that this communication does
not designate an information system for the purposes of the New Zealand
Electronic Transactions Act 2003. 


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of pingywon
Sent: Thursday, 24 November 2005 8:04 a.m.
To: Geo.; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Virus infections

yes indeed this Sober virus is ramping up pretty quick.

Alot of my clients have called me today asking about emails they have 
received.

Here is all the latest info on it.

http://vil.mcafeesecurity.com/vil/content/v_137072.htm

~pingywon MCSE




----- Original Message ----- 
From: "Geo." <geoincidents@....net>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Wednesday, November 23, 2005 12:14 PM
Subject: [Full-disclosure] Virus infections


>
> I'm getting swamped by virus infected emails here that seem to be coming
> from lots of secure networks. For example
>
> he2xmail.freddiemac.com
>  4.21.132.137
>
> has sent me hundreds of infected emails today. Anyone else seeing
> compromises on financial or otherwise secure networks? This sober-u thing
> seems to still be picking up speed.
>
> Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ