RE: Virus infections

["Paul Craig" <paul.craig () security-assessment com>]

The CIA thinks I have been going to illegal websites? What the?

The worm is packed with upx, with the section names changed. I unpacked the
exe and rebuilt the iat, if you want to grab a copy to analyze, get it from
www.pimp-industries.com/nasty.bin

I wonder how many old hippies have fallen for the old "dude, the CIA are
after you" line.




Paul Craig
Security Consultant
Security-Assessment.com

 


CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. They
may also be privileged or otherwise protected from disclosure. If you are
not the intended recipient, advise the sender and delete this message and
any attachment from your system. If you are not the intended recipient, you
are not authorised to use or copy this message or attachment or disclose the
contents to any other person. Views expressed are not necessarily endorsed
by Security-Assessment.com Limited. Please note that this communication does
not designate an information system for the purposes of the New Zealand
Electronic Transactions Act 2003. 


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of pingywon
Sent: Thursday, 24 November 2005 8:04 a.m.
To: Geo.; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Virus infections

yes indeed this Sober virus is ramping up pretty quick.

Alot of my clients have called me today asking about emails they have 
received.

Here is all the latest info on it.

http://vil.mcafeesecurity.com/vil/content/v_137072.htm

~pingywon MCSE




----- Original Message ----- 
From: "Geo." <geoincidents () nls net>
To: <full-disclosure () lists grok org uk>
Sent: Wednesday, November 23, 2005 12:14 PM
Subject: [Full-disclosure] Virus infections


> I'm getting swamped by virus infected emails here that seem to be coming
> from lots of secure networks. For example
>
> he2xmail.freddiemac.com
>  4.21.132.137
>
> has sent me hundreds of infected emails today. Anyone else seeing
> compromises on financial or otherwise secure networks? This sober-u thing
> seems to still be picking up speed.
>
> Geo.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/