Full Disclosure mailing list archives

Re: New virus?


From: the rxmr <the.rxmr () gmail com>
Date: Mon, 27 Sep 2004 14:23:54 -0500

On Mon, 27 Sep 2004 14:44:58 -0300, Bernardo Santos Wernesback
<bernardo () ish com br> wrote:
 
> Hi everyone,
>
> Has anyone seen a lot of HTTP activity to a certain site: http://www.fotosgratis.pop.com.br ?
>
> One of our clients has several machines making tons of requests for TXT files on that server:
>
> botao.txt
> mswinsck.txt
> ita01.txt
> caixa01.txt
> teclado07.txt
> caixa01.txt
> caixa02.txt
> caixa03.txt
> caixa04.txt
> caixa05.txt
>
> Thanks for any info.,
>
> _____________________________________________________
> Bernardo Santos Wernesback
> ESSE,ESS,SCSE,CCNA/DA, CCSA,CQS,MCP
> Consultant / ISH Tecnologia
> Phone: +55-27-3334-8900
> Mobile: +55-27-8111-0884
> Email: bernardo () ish com br
> PGP Fingerprint: 6A42 3701 70D7 FD0F 5FA9  D232 CDD4 6189 EF43 95F5

I should also mention that the file "mswinsck.txt" is found on
machines compromised by these two:

W95/Music@M
http://vil.nai.com/vil/content/v_98889.htm

and

Helios
http://www.pestpatrol.com/pestinfo/h/helios.asp

Another interesting link I found was this one, but I can't translate it:
http://big5.pconline.com.cn/b5/www.pconline.com.cn/pcedu/soft/virus/da/0409/449519.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

