| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Apr 2007 12:14:35 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: Steward Smith <fulldisc@...ll.org>, Wong Chee Chun <cheechun2005@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: patch-9449 Wong Chee Chun <cheechun2005@...il.com> wrote: Dshield (ISC) page discusses about the same issue. The filenames are randomized. 4 or 5 numbers always. - Juha-Matti > Dshied's recent diary entry might has something related about this virus i > guess. except that the filename is patch-58214.zip. > >Here is the link to the diary --> > >http://www.dshield.org/diary.html?storyid=2618&dshield=0fcfb711fed834995b1d52da5f438c11 > > >cheers > On 4/13/07, Steward Smith <fulldisc@...ll.org> wrote: Hi, Had a funny spam today that warned about mails coming from my IP address and I should apply the attached patch. The filename was named patch-9449.exe which was attached in a password protected zip file - presumably to fool your virus scanner. I unpacked it but my up-to-date virus scanner on my Windows XP vmware instance cannot detect any malware. Has anyone else seen this and know what it is? Stew _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists