Full Disclosure mailing list archives

Re: gobolook / hotoffer dropper


From: "Lawrence Abrams" <labrams () bleepingcomputer com>
Date: Mon, 18 Apr 2005 12:18:31 -0400

I put up an analysis here:

http://www.bleepingcomputer.com/analysis/?anal=globolook-dropper

Lawrence Abrams
Bleeping Computer: http://www.bleepingcomputer.com

----- Original Message ----- From: "Willem Koenings" <infsec () gmail com>
To: <full-disclosure () lists grok org uk>
Sent: Sunday, April 17, 2005 11:06 AM
Subject: [Full-disclosure] gobolook / hotoffer dropper


hi,

there's already some coverage on the web about this scam.
http://www.webhelper4u.com/CWS/CWSdropper_exe_msgs.html

today i found one new dropper, if someone wishes to play with it / analyze it,
here it is:

hxxp://www.globolook.com/v179/dropper.exe
hxxp://www.globolook.com/v179/dropper.chm
hxxp://www.globolook.com/v179/xxx.html

W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


