Full Disclosure mailing list archives
RE: Virus infections
From: "Paul Craig" <paul.craig () security-assessment com>
Date: Thu, 24 Nov 2005 10:39:49 +1300
The CIA thinks I have been going to illegal websites? What the? The worm is packed with upx, with the section names changed. I unpacked the exe and rebuilt the iat, if you want to grab a copy to analyze, get it from www.pimp-industries.com/nasty.bin I wonder how many old hippies have fallen for the old "dude, the CIA are after you" line. Paul Craig Security Consultant Security-Assessment.com CONFIDENTIALITY NOTICE: This message and any attachment(s) are confidential and proprietary. They may also be privileged or otherwise protected from disclosure. If you are not the intended recipient, advise the sender and delete this message and any attachment from your system. If you are not the intended recipient, you are not authorised to use or copy this message or attachment or disclose the contents to any other person. Views expressed are not necessarily endorsed by Security-Assessment.com Limited. Please note that this communication does not designate an information system for the purposes of the New Zealand Electronic Transactions Act 2003. -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of pingywon Sent: Thursday, 24 November 2005 8:04 a.m. To: Geo.; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Virus infections yes indeed this Sober virus is ramping up pretty quick. Alot of my clients have called me today asking about emails they have received. Here is all the latest info on it. http://vil.mcafeesecurity.com/vil/content/v_137072.htm ~pingywon MCSE ----- Original Message ----- From: "Geo." <geoincidents () nls net> To: <full-disclosure () lists grok org uk> Sent: Wednesday, November 23, 2005 12:14 PM Subject: [Full-disclosure] Virus infections
I'm getting swamped by virus infected emails here that seem to be coming from lots of secure networks. For example he2xmail.freddiemac.com 4.21.132.137 has sent me hundreds of infected emails today. Anyone else seeing compromises on financial or otherwise secure networks? This sober-u thing seems to still be picking up speed. Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Hacking Boot camps!, (continued)
- Re: Hacking Boot camps! InfoSecBOFH (Nov 22)
- Re: Hacking Boot camps! Ivan . (Nov 22)
- Re: Hacking Boot camps! ReK2GNULinux (Nov 22)
- Re: Hacking Boot camps! wilder_jeff Wilder (Nov 22)
- Re: Hacking Boot camps! sk / GroundZero (Nov 24)
- Re: Hacking Boot camps! xyberpix (Nov 29)
- Re: Hacking Boot camps! InfoSecBOFH (Nov 22)
- Re: Hacking Boot camps! Exibar (Nov 23)
- Virus infections Geo. (Nov 23)
- Re: Virus infections Gary E. Miller (Nov 23)
- Re: Virus infections pingywon (Nov 23)
- RE: Virus infections Paul Craig (Nov 23)
- RE: Virus infections Debasis Mohanty (Nov 23)
- Re: Hacking Boot camps! InfoSecBOFH (Nov 23)
- Re: Hacking Boot camps! Koen Van Impe (Nov 23)
- Re: Hacking Boot camps! InfoSecBOFH (Nov 23)
- Re: Hacking Boot camps! Michael Holstein (Nov 23)
- RE: Hacking Boot camps! Clement Dupuis (Nov 23)
- RE: Hacking Boot camps!: certifications wilder_jeff Wilder (Nov 23)
- RE: [inbox] RE: Hacking Boot camps!: certifications Exibar (Nov 25)
- Re: Hacking Boot camps!: certifications R S (Nov 25)
- Re: Re: Hacking Boot camps!: certifications Valdis . Kletnieks (Nov 25)