Full Disclosure mailing list archives
Re: spamming trojan?
From: Joe Stewart <jstewart () lurhq com>
Date: Wed, 16 Jun 2004 08:44:43 -0400
On Wed, 16 Jun 2004 08:23:59, geoincidents () nls net wrote:
Anyone want to try and analyze what this thing is? It was spammed to about 30 addresses here this morning.
The end stage appears to be a new variant of the Cjdra proxy trojan. This person has been spreading trojans via spammed-exploit for a while now, and now it looks as if he/she has upgraded to the latest IE exploit. http://vil.nai.com/vil/content/v_100939.htm describes an older variant. -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: spamming trojan? Joe Stewart (Jun 16)
- RE: spamming trojan? Geo. (Jun 16)