Open Source and information security mailing list archives
 
Message-ID: <001001c62446$8a6540c0$0200a8c0@DORKA>
Date: Sat Jan 28 20:08:11 2006
From: very at unprivate.com (Very Unprivate)
Subject: Can Someone Tell Me What This Is?


  Hi, actually I have another question of a similar ballpark, so I can't
really answer your question, but did a virustotal scan on it anyway (got
the url from a previous fd post) so as not to post "empty handed".
  What I noted is this: I've been receiving emails on a few accounts
ever since a couple of days.. Their subject is
Hey, somebody! --where "somebody" is the user part of the email. But no
virus, no attached files, no body, no content.
The resemblance is only that like in your case, this is an email that
probably has a purpose that we don't know about :-)
  An idea for my own case: somebody bought/made some forwards with many
domains, and they check to see who responds to these, in order to make a
nifty low bounce rate spam list. What do you think?

Domains that were specified for a "sender" in the emails:
Workpermit.com, snowcrest.com, aada.com, novellus.com. All I could find
in my trash so far :)

For your masturbation-capable virus:

This is a report processed by VirusTotal on 01/28/2006 at 20:56:23 (CET)
after scanning the file "masttyc.exe" file.
Antivirus           Version         Update      Result
AntiVir             6.33.0.81       01.28.2006  no virus found
Avast               4.6.695.0       01.27.2006  no virus found
AVG                 718             01.27.2006  no virus found
Avira               6.33.0.81       01.27.2006  no virus found
BitDefender         7.2             01.28.2006  no virus found
CAT-QuickHeal       8.00            01.27.2006  no virus found
ClamAV              devel-20051123  01.28.2006  no virus found
DrWeb               4.33            01.28.2006  no virus found
eTrust-InoculateIT  23.71.62        01.28.2006  no virus found
eTrust-Vet          12.4.2058       01.27.2006  no virus found
Ewido               3.5             01.28.2006  no virus found
Fortinet            2.54.0.0        01.28.2006  no virus found
F-Prot              3.16c           01.28.2006  no virus found
Ikarus              0.2.59.0        01.27.2006  no virus found
Kaspersky           4.0.2.24        01.28.2006  no virus found
McAfee              4684            01.27.2006  no virus found
NOD32v2             1.1385          01.28.2006  no virus found
Norman              5.70.10         01.27.2006  no virus found
Panda               9.0.0.4         01.28.2006  no virus found
Sophos              4.02.0          01.28.2006  no virus found
Symantec            8.0             01.28.2006  no virus found
TheHacker           5.9.3.082       01.27.2006  no virus found
UNA                 1.83            01.27.2006  no virus found
VBA32               3.10.5          01.28.2006  no virus found


Php0t


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of y0himba
Sent: Saturday, January 28, 2006 8:23 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Can Someone Tell Me What This Is?

Hi.  Got this in an email, have no idea if it is just some stupid
command line joke or if it does something I don't know about.  Attached,
.rar format Win32 .exe inside.  I have attached the source code.
Subject line, "Masturbation Tycoon". I am not a programmer at all, but
there seems to be nothing suspicious in the source code either.  Maybe I
missed something in my newbness? Ran it in a sandbox, didn't seem to do
anything odd.  AVG, AntiVir and Bitdefender all say nothing about it.  I
am paranoid however. Thanks for any input.  


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/GIT/GO d- s: a C++++$ UL++++ P++++ L++++ E++++ W++++ N+++++ o++++
K++ w
O- M- V-- PS+ PE Y++ PGP++ t+ 5-- X+++++ R* tv++ b+++++ DI++ D++++
G++ e h---- r+++ y++++
------END GEEK CODE BLOCK------
Get Your Geek Code:  http://www.geekcode.com
