Full Disclosure mailing list archives

Re: spamming trojan?


From: Joe Stewart <jstewart () lurhq com>
Date: Wed, 16 Jun 2004 08:44:43 -0400

On Wed, 16 Jun 2004 08:23:59, geoincidents () nls net wrote:
> Anyone want to try and analyze what this thing is? It was spammed to
> about 30 addresses here this morning.

The end stage appears to be a new variant of the Cjdra proxy trojan. 
This person has been spreading trojans via spammed-exploit for a while 
now, and now it looks as if he/she has upgraded to the latest IE 
exploit.

http://vil.nai.com/vil/content/v_100939.htm describes an older variant.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

