Full Disclosure mailing list archives
Re: New virus?
From: the rxmr <the.rxmr () gmail com>
Date: Mon, 27 Sep 2004 14:14:03 -0500
----- Original Message ----- From: Bernardo Santos Wernesback <bernardo () ish com br> Date: Mon, 27 Sep 2004 14:44:58 -0300 Subject: [Full-disclosure] New virus? To: full-disclosure () lists netsys com Hi everyone, Has anyone seen a lot of HTTP activity to a certain site: http://www.fotosgratis.pop.com.br ? One of our clients has several machines making tons of requests for TXT files on that server: botao.txt mswinsck.txt ita01.txt caixa01.txt teclado07.txt caixa01.txt caixa02.txt caixa03.txt caixa04.txt caixa05.txt Thanks for any info., _____________________________________________________ Bernardo Santos Wernesback ESSE,ESS,SCSE,CCNA/DA, CCSA,CQS,MCP Consultant / ISH Tecnologia Phone: +55-27-3334-8900 Mobile: +55-27-8111-0884 Email: bernardo () ish com br PGP Fingerprint: 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5 This should answer your quetions. It is a trojan - TROJ_BANCOS.BW or a variant. http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_BANCOS.BW
From the page:
"
Description:
This Trojan attempts to download the following image files in the
folder %Windows%\inf:
* botao.bmp
* caixa01.jpg
* caixa02.jpg
* caixa04.jpg
* caixa05.jpg
* ita01.jpg
* teclado_05.jpg
* teclado_07.jpg
* teclado_gere03.jpg
* teclado_gere04.jpg
* teclado_gere05.jpg
* teclado_gere06.jpg
"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New virus? Bernardo Santos Wernesback (Sep 27)
- Re: New virus? Harlan Carvey (Sep 27)
- Re: New virus? Exibar (Sep 27)
- Re: New virus? the rxmr (Sep 27)
- Re: New virus? the rxmr (Sep 27)
- Re: New virus? Adam Jacob Muller (Sep 27)
- Re: New virus? Vince is a dickhead (Sep 27)
- <Possible follow-ups>
- RE: New virus? Todd Towles (Sep 27)
- RE: New virus? Todd Towles (Sep 27)
- Re: New virus? Harlan Carvey (Sep 27)