Full Disclosure mailing list archives
Re: Possible First Crypto Virus Definitely Discovered!
From: Martin Wasson <marto () fightingillini com>
Date: Fri, 11 Jun 2004 06:40:22 -0700 (PDT)
Billy,

As FD's foremost expert on virii, can you answer a question for me? Is it possible that this is one of Polly Morfick's viruses? They can change ports, right? After seeing your discovery, I too found a computer at home trying to infect the Internet with the 443 virus. Though I too have now shut down port 443 outbound on my border Tiny Personal FW at home, my Windows ME workstation is STILL launching attacks against the Internet on ports 53, 80, and 25.

I discovered that my wife's computer has the virus too, and has been trying to infect port 80 on a machine called www.married-women-looking-for-action.com. The funny thing is, I think it's on a timer, because it doesn't even start attacking until after I go to bed. Weird!!!

Another thing is, the virus also seems to be asking a computer (whose name is apparently "arp") for some kind of encrypted data. I think the virus's encrypted name might be either 00-0D-35-B4-56-01 or 172.16.10.10, because it's asking this "arp" whohas 00-0D-56-75-B4-46, and to tell 172.16.10.10 if it finds it. NOT good!!

I tried to research it, but only came up with stuff about Apple Computer addresses and something called Hexadecimals. As you can imagine, I don't even HAVE any MACs, just PCs, and 00-0D-35-B4-56-01 looks more like HexaDASHES than Hexadecimals. What gives?

SMARTACVS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html