Re: [Full-disclosure] patch-9449



Myself and a client have received several over the past 24hrs.

I submitted one as the password protected zip file to VirusTotal and
Kaspersky identified it as a virus/trojan as did several other AV
products. Names varied so I didn't record them. Was most interested in
seeing if there was a consistent identification of the archive.

Received another this morning which I unzipped on a Linux box then
tested with CA AV. It was identified as Win32/Pecoan.R

- Mike Shafer

Steward Smith wrote:
Hi,

Had a funny spam today that warned about mails coming from my IP address
and I should apply the attached patch. The filename was named
patch-9449.exe which was attached in a password protected zip file -
presumably to fool your virus scanner.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/