RE: [klmtfs () pridemail com: Your Online Greeting Awaits You!]

["Jay D. Dyson" <jdyson () treachery net>]

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 12 Aug 2001, Pete Jacob wrote:

> > > Has anyone run across this before?
> >
> >     I'll have to see about collecting a copy of the binary.  Until
> > such time, this should probably be considered a *possible* trojan that
> > should be ruled out.  Fortunately, it's a Sunday, so we've got a little
> > time before the Monday morning zombies come rolling in and contributing
> > to the problem.  :)
>
> I have two in my mail box today... 

        Anyone have the binary?  I don't need copies of the e-mail in
question since the content does not appear to change.  I'd like to get my
hands on the .exe file that this site tried to disseminate.  I just
visited the page a little while ago and the directory and file are now
missing.

        Preliminary pokes around the domains seem to indicate the involved
party is in Panama, but this is the result of initial findings only.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `-------- Real men prefer full disclosure. --------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO3cjLblDRyqRQ2a9AQE/kAQAnC57oJSGVonMtlKsPNEtb8qj5zuH1Zsq
E5rIMOsaOz16JnNIJO4PLrVwapBlJPJH6KAR+LyTmzKo+2UyScvN0PRBWPCfBHdn
BpUTky8717RlJvmL47o2evluiKkKOtoYt/7FKs5D1F+i0MyT2VQR75aclkDhkdB0
JvbfWp/L+Pc=
=uirL
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com