new WIN virus?

From: Atom 'Smasher' (atom_at_suspicious.org)
Date: 01/29/04

  • Next message: Matthias Andree: "Security Announcement: untrusted ELF library path in some cvsup binary RPMs"
    Date: Thu, 29 Jan 2004 01:23:48 -0500 (EST)
    To: bugtraq@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    i don't know much at all about windows, but this spam got past my spam
    filter and drew my attention. i tested the suspect file in some on-line
    virus checkers, and they all reported the file as not being a threat.
    looking at the page that the spam requested (hidden after "@" in the link)
    i can only think that the file is up to no good.

    the original spam, the page that it requests, and the suspicious "exe"
    file:
            http://smasher.suspicious.org/tmp/live-virus.tgz

    live-virus.tgz
    md5: 42e6edfe1dcbb3e83f3da997014c7858
    sha1: 372ef9ce498b3cd23cd7c0c2b404a18f7d1b7771

    the TGZ contains:
    -rw-r--r-- atom/atom 1606 Jan 29 00:34 2004 spam
    -rw-r--r-- atom/atom 1941 Jan 29 00:31 2004 gift-with-headers.html
    -rw-r--r-- atom/atom 8704 Jan 28 22:41 2004 updatte.exe

    updatte.exe was tested on:
       yahoo-mail
       http://www.kaspersky.com/remoteviruschk.html
       http://www.dials.ru/english/www_av/
       http://www.rav.ro/scan/indexn.php
    and they all reported that the file poses no threat. i suspect they're
    wrong.

             ...atom

     _______________________________________________
     PGP key - http://smasher.suspicious.org/pgp.txt
     3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
     -------------------------------------------------

            fascism: n. A system of government that exercises a dictatorship
            of the extreme right, typically through the merging of state and
            business leadership, together with belligerent nationalism.
                    -- The American Heritage Dictionary, 1983
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (FreeBSD)

    iD8DBQFAGKb8nCgLvz19QeMRAuKmAJ9vycEHwtOBNNQ5OkyInneQdb0IqQCff7U2
    DdPmn6tznmWijT7S8OMWj6M=
    =EscX
    -----END PGP SIGNATURE-----
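A defender's first triage step for a sample published the way this post publishes it, added here as an example (it is not code from the post or from its author): verify the downloaded archive against the md5/sha1 the reporter gave before doing anything else with it, then list the tar members without extracting them, flagging absolute paths, `..` components and link entries. The archive bytes below are constructed in memory using the member names from the post, so their digests will not match the published values; the mismatch is exactly what the check is there to catch.

```python
import gzip
import hashlib
import io
import tarfile

# Digests exactly as published in the post for live-virus.tgz.
PUBLISHED = {
    "md5": "42e6edfe1dcbb3e83f3da997014c7858",
    "sha1": "372ef9ce498b3cd23cd7c0c2b404a18f7d1b7771",
}


def build_sample_archive() -> bytes:
    """Constructed stand-in for live-virus.tgz (NOT the real archive).

    Member names mirror the post's listing; contents are harmless placeholders.
    gzip mtime and tar metadata are pinned so the bytes are deterministic.
    """
    members = (
        ("spam", b"Subject: your gift\n"),
        ("gift-with-headers.html", b"<html><body>placeholder</body></html>\n"),
        ("updatte.exe", b"MZ placeholder, not a real PE\n"),
    )
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=0) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name, payload in members:
                info = tarfile.TarInfo(name)
                info.size = len(payload)
                info.mtime = 0
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def digests(data: bytes) -> dict:
    """md5 and sha1 of the raw archive bytes (what the post publishes)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def matches_published(data: bytes, expected: dict) -> bool:
    """True only if every published digest matches the bytes we have."""
    got = digests(data)
    return all(got[alg] == expected[alg].lower() for alg in expected)


def list_members(data: bytes) -> list:
    """Enumerate tar members without extracting anything.

    Returns (name, size, unsafe) tuples; unsafe is True for entries that would
    escape the extraction directory or create links if extracted naively.
    """
    entries = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            parts = m.name.split("/")
            unsafe = m.name.startswith("/") or ".." in parts or m.issym() or m.islnk()
            entries.append((m.name, m.size, unsafe))
    return entries


def triage(data: bytes, expected: dict) -> dict:
    """One-shot summary a handler would record before analysing the sample."""
    return {
        "hashes": digests(data),
        "matches_published": matches_published(data, expected),
        "members": list_members(data),
    }


if __name__ == "__main__":
    sample = build_sample_archive()
    report = triage(sample, PUBLISHED)
    for alg, value in report["hashes"].items():
        print(f"{alg}: {value}")
    print("matches published digests:", report["matches_published"])
    for name, size, unsafe in report["members"]:
        print(f"{'UNSAFE ' if unsafe else ''}{size:>6} {name}")
```

Run against a real download, replace `build_sample_archive()` with the file's bytes; a `False` in `matches_published` means the archive is not the one the reporter hashed, and any member flagged unsafe is a reason to inspect the archive by hand rather than extract it.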

