Full Disclosure mailing list archives

RE: (no subject)


From: Bart.Lansing () kohls com
Date: Mon, 9 Aug 2004 14:47:32 -0500

Discovery Date :  8/10/2004 (PHL) 
Origin :   USA 
Description ( updated : 8/9/2004 11:03:26 AM ) 
There are reports now in the USA of a malware spreading via email. The 
file, price.exe, is spread as a ZIP file, and is included in a supposedly 
manually-spammed email.

This price.exe file is a downloader and attempts to download a file named 
2.jpg from different sites. The sites are currently inaccessible at the 
time of this writing. 

Infected customers also report a file named as windll.exe running in the 
system. 

TrendLabs is still currently analyzing the files and will soon post a more 
detailed analysis.

--------------------------------------------------------------------------------

EPS Deliverables

  Pattern

         OPR 953 for WORM_BAGLE.AC
               - Pattern under QA Testing  8/9/2004 11:23:44 AM

Thank you,
Fooks, Lynn

Bart Lansing
Manager, Desktop Services
Kohl's IT
262-703-2911

full-disclosure-admin () lists netsys com wrote on 08/09/2004 02:03:54 PM:

(In regards to new_price.zip file attachment)

Anyone have any idea what this is? We had some clients just get hit pretty
hard with this email.  I am unable to find anything on it; from my VERY
limited knowledge it appears to be a virus exploiting one of the many
holes in IE.  Anyone else see anything on this yet?

Jonathan Grotegut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
