Full Disclosure mailing list archives

Re: Re: Online Script Decoder

From: Willem Koenings <infsec () gmail com>
Date: Mon, 13 Dec 2004 15:08:32 +0200

It's a trojan-dropper called VBS.Zerolin and it tries to
download an executable file also belonging to the
trojan-downloader family. It is called malware 
Win32.Zdesnado.Y

What that exe file tries to download, I don't know.

hi,

It's a trojan-dropper called VBS.Zerolin and it tries to
download an executable file also belonging to the
trojan-downloader family. It is called malware Win32.Zdesnado.Y

What that exe file tries to download, I don't know.


it's also known as W32/Lowzones.J and Troj/Crabton-B

http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html
http://vi.db.kingsoft.com/virus.php?fid=1597

latter is in simplified chinese, use babelfish to read.

W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Online Script Decoder GreyMagic Security (Dec 07)
- <Possible follow-ups>
- Re: Online Script Decoder Paul Szabo (Dec 07)
- Re: Online Script Decoder Elia Florio (Dec 07)
- Re: Online Script Decoder Feher Tamas (Dec 13)
  - Re: Re: Online Script Decoder Willem Koenings (Dec 13)