Re: TROJAN UNDETECTED BY AD-AWARE

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/18/04

• Next message: Roy: "Re: My Network Places"
• Previous message: george: "Re: Surely Someone Knows?"
• In reply to: sam1967_at_hetnet.nl: "TROJAN UNDETECTED BY AD-AWARE"
• Next in thread: sam1967_at_hetnet.nl: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Reply: sam1967_at_hetnet.nl: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Reply: Gary: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 18 Feb 2004 11:11:27 GMT

You can submit it to AVERT/McAfee at: https://www.webimmune.net/default.asp

or you can ZIP the file with the password: infected

Them email it to:

In the US, send to: virus_research@avertlabs.com
In the UK, send to: vsample@avertlabs.com
In Germany send to: virus_research_de@avertlabs.com
In Japan send to: virus_research_japan@nai.com
In Australia send to: virus_research_apac@avertlabs.com
In the Netherlands: virus_research_europe@avertlabs.com

http://vil.nai.com/vil/submit-sample.asp

In addition...
If you post to UseNet with your TRUE, not a munged, email address then you are inviting the
Swen worm to visit you.

The Swen is news spelled backwards. The reason it is called this is because the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups as well as it has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

Dave

<sam1967@hetnet.nl> wrote in message news:3p7630tlkathf8vp4lusovjvv25ic6fbdu@4ax.com...
| I picked up a trojan called rem2c4.exe which is not picked up by AVG
| or Ez-av or ad-aware.
| when run it connects to a gambling website.
| should I send it anywhere for analysis ?
| it is 212 kb.
|

---

• Next message: Roy: "Re: My Network Places"
• Previous message: george: "Re: Surely Someone Knows?"
• In reply to: sam1967_at_hetnet.nl: "TROJAN UNDETECTED BY AD-AWARE"
• Next in thread: sam1967_at_hetnet.nl: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Reply: sam1967_at_hetnet.nl: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Reply: Gary: "Re: TROJAN UNDETECTED BY AD-AWARE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Mass mailer worm? ... called this is because the Swen worm ... >harvests email addresses from UseNet News Groups. ... email engine. ... (microsoft.public.scripting.virus.discussion) Re: Virus ... >| called this is because the Swen worm ... >|>harvests email addresses from UseNet News Groups. ... >| email engine. ... (microsoft.public.scripting.virus.discussion) Re: Mascarade Email from "Microsoft" : W32.Swen.A@mm attached ! ... The reason it is called this is because the Swen worm ... harvests email addresses from UseNet News Groups. ... itself to UseNet News Groups as well as it has its own email engine. ... There are several Internet worms that masquerade as patches from Microsoft. ... (microsoft.public.security.virus) Re: Email pretending to be a Microsoft download ... The reason it is called this is because the Swen worm ... harvests email addresses from UseNet News Groups. ... itself to UseNet News Groups as well as it has its own email engine. ... Petition your ISP to install AV software on their respective email servers. ... (microsoft.public.scripting.virus.discussion) Re: TROJAN UNDETECTED BY AD-AWARE ... > Swen worm to visit you. ... > harvests email addresses from UseNet News Groups. ... > itself to UseNet News Groups as well as it has its own email engine. ... (alt.computer.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)