Full Disclosure mailing list archives

RE: New virus?


From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 27 Sep 2004 15:27:43 -0500

Has anyone been able to grab the files from the BR domain server? Are
they using the JPEG hole..just it is just a pishing type thing? 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of the rxmr
Sent: Monday, September 27, 2004 2:14 PM
To: Bernardo Santos Wernesback
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] New virus?

----- Original Message -----
From: Bernardo Santos Wernesback <bernardo () ish com br>
Date: Mon, 27 Sep 2004 14:44:58 -0300
Subject: [Full-disclosure] New virus?
To: full-disclosure () lists netsys com

 
Hi everyone, 
  
Has anyone seen a lot of HTTP activity to a certain site:
http://www.fotosgratis.pop.com.br ?
  
One of our clients has several machines making tons of requests for TXT
files on that server:
  
botao.txt
mswinsck.txt
ita01.txt
caixa01.txt
teclado07.txt
caixa01.txt
caixa02.txt
caixa03.txt
caixa04.txt
caixa05.txt 
  
Thanks for any info., 
 
 

_____________________________________________________ 
 

Bernardo Santos Wernesback 

 
 

ESSE,ESS,SCSE,CCNA/DA, 
 

CCSA,CQS,MCP 
 

  
 


Consultant / ISH Tecnologia  

  
 

Phone: +55-27-3334-8900 

 
 

Mobile: +55-27-8111-0884 
 

Email: bernardo () ish com br 

  PGP Fingerprint:
   6A42 3701 70D7 FD0F 5FA9  D232 CDD4 6189 EF43 95F5  
  
This should answer your quetions.

It is a trojan - TROJ_BANCOS.BW or a variant.

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?V
name=TROJ_BANCOS.BW

From the page:

"
Description:

This Trojan attempts to download the following image files in the folder
%Windows%\inf:

    * botao.bmp
    * caixa01.jpg
    * caixa02.jpg
    * caixa04.jpg
    * caixa05.jpg
    * ita01.jpg
    * teclado_05.jpg
    * teclado_07.jpg
    * teclado_gere03.jpg
    * teclado_gere04.jpg
    * teclado_gere05.jpg
    * teclado_gere06.jpg
"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: