Full Disclosure mailing list archives
Re: New virus?
From: the rxmr <the.rxmr () gmail com>
Date: Mon, 27 Sep 2004 14:23:54 -0500
On Mon, 27 Sep 2004 14:44:58 -0300, Bernardo Santos Wernesback <bernardo () ish com br> wrote:
Hi everyone, Has anyone seen a lot of HTTP activity to a certain site: http://www.fotosgratis.pop.com.br ? One of our clients has several machines making tons of requests for TXT files on that server: botao.txt mswinsck.txt ita01.txt caixa01.txt teclado07.txt caixa01.txt caixa02.txt caixa03.txt caixa04.txt caixa05.txt Thanks for any info., _____________________________________________________ Bernardo Santos Wernesback ESSE,ESS,SCSE,CCNA/DA, CCSA,CQS,MCP Consultant / ISH Tecnologia Phone: +55-27-3334-8900 Mobile: +55-27-8111-0884 Email: bernardo () ish com br PGP Fingerprint: 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5
I should also mention that the file "mswinsck.txt" is found on machines compromised by these two: W95/Music@M http://vil.nai.com/vil/content/v_98889.htm and Helios http://www.pestpatrol.com/pestinfo/h/helios.asp Another interesting link I found was this one, but I can't translate it: http://big5.pconline.com.cn/b5/www.pconline.com.cn/pcedu/soft/virus/da/0409/449519.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New virus? Bernardo Santos Wernesback (Sep 27)
- Re: New virus? Harlan Carvey (Sep 27)
- Re: New virus? Exibar (Sep 27)
- Re: New virus? the rxmr (Sep 27)
- Re: New virus? the rxmr (Sep 27)
- Re: New virus? Adam Jacob Muller (Sep 27)
- Re: New virus? Vince is a dickhead (Sep 27)
- <Possible follow-ups>
- RE: New virus? Todd Towles (Sep 27)
- RE: New virus? Todd Towles (Sep 27)
- Re: New virus? Harlan Carvey (Sep 27)