Message-ID: <20100604222838.61988683@foo.fgeek.fi>
Date: Fri, 4 Jun 2010 22:28:38 +0300
From: Henri Salo <henri@...v.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Virii in the wild

> http: //ecard-gre etings-com.googlegrou ps.com/web/ecard.zip
> 
> ecard.exe: OK
> ecard.zip: OK
> PC_protect.exe: OK
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 798905
> Engine version: 0.96
> Scanned directories: 0
> Scanned files: 3
> Infected files: 0
> Data scanned: 1.45 MB
> Data read: 1.45 MB (ratio 1.00:1)
> Time: 2.815 sec (0 m 2 s)
> 
> https://anubis.iseclab.org/?action=result&task_id=1d65344c1a22298d4c91244f24710205c
> https://anubis.iseclab.org/?action=result&task_id=14865c640caefc854815769e2262e7297
> 
> I already reported this to ClamAV. Contact me if you want the
> binaries.

I also reported this to F-Secure and AVG.

http://www.virustotal.com/analisis/b1d265068e42add36d161de63abcd09d461ba7598bc7bf2187843bcfb1db2e2a-1275679442
http://www.virustotal.com/analisis/8a0d55265395aa8d947d012de267c808e9432d0c218e35210d735f2dd49bae86-1275679472
http://virusscan.jotti.org/en/scanresult/e09e3c7d2a494edc53cc43005ab60c27fde134f7
http://virusscan.jotti.org/en/scanresult/548e8b7a6995c70f3c79dcafbc33cd1d8ea0d3ef

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
