Full Disclosure mailing list archives
Re: What is this
From: trains () doctorunix com
Date: Mon, 8 Aug 2005 13:39:01 -0500
Quoting Armando Rogerio Brandão Guimaraes Junior <arjunior () attps com br>:
Does somebody know what the fuck this is?
http://www.pokersverige.se/IMAGE0004.php
AntiVirus and SpyBot don't detect it!!!

Armando Guimarães Jr
It is an MS-EXE executable program. Antivirus doesn't find it because it is not a virus. Spybot for the same reason. To block these you need an SMTP policy that does not allow executable attachments to incoming emails.

"What it does" could be anything from typing "hello world" in a dialog box (unlikely) to creating a new Administrator account on your corporate AD server and posting the entire contents thereof to an IRC channel (somewhat more likely).

But at first glance it looks like it is going to open a backdoor shell on the recipient's PC.

tc

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
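A sketch of the attachment policy the reply describes, added here as an example and not taken from the thread: it rejects attachments by content (DOS `MZ` header plus `PE\0\0` signature) as well as by extension, so an executable named like a PHP page is still caught. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list; a real deployment would tune this.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def is_pe_executable(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every MIME part the policy would reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_pe_executable(payload):          # content check beats the file name
            hits.append((name, "PE executable content"))
        elif any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append((name, "blocked extension"))
    return hits

def build_sample() -> bytes:
    """Constructed message: a minimal fake PE header named like a PHP page, plus a text file."""
    fake_pe = (b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little")
               + b"PE\0\0" + b"\0" * 20)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="IMAGE0004.php")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"REJECT {name}: {reason}")
```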