Full Disclosure mailing list archives

Re: What is this


From: trains () doctorunix com
Date: Mon, 8 Aug 2005 13:39:01 -0500

Quoting Armando Rogerio Brandão Guimaraes Junior <arjunior () attps com br>:

> Does somebody know what the fuck this is? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot don't detect it!!!
>
> Armando Guimarães Jr

It is an MS-EXE executable program.  Antivirus doesn't find it because
it is not a virus.  Spybot for the same reason.  To block these you
need an SMTP policy that does not allow executable attachments to
incoming emails.

"What it does" could be anything from typing "hello world" in a dialog
box (unlikely) to creating a new Administrator account on your
corporate AD server and posting the entire contents thereof to an IRC
channel (somewhat more likely).  But at first glance it looks like it
is going to open a backdoor shell on the recipient's PC.

tc




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
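
An added example, not part of the original message: one way a mail gateway hook could apply the "no executable attachments" policy suggested in the reply. It checks attachment content for a PE header instead of trusting the file name, since the file in this thread was not named like an executable. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative extension list (assumption); real policies are usually longer.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def executable_attachments(raw: bytes) -> list:
    """Return (filename, reason) for each MIME part the policy would reject."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if looks_like_pe(data):            # content check: ignores name and MIME type
            hits.append((name, "PE header in content"))
        elif name.lower().endswith(BLOCKED_EXT):
            hits.append((name, "blocked extension"))
    return hits

def sample_message() -> bytes:
    """Constructed test mail: a minimal fake PE header named like an image, plus a benign file."""
    fake_pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "photo"
    msg.set_content("see attached")
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg", filename="IMAGE0004.jpg")
    msg.add_attachment(b"plain notes", maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in executable_attachments(sample_message()):
        print(f"REJECT {name}: {reason}")
```
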

