Security Incidents mailing list archives
Re: ICQ Users a target Again!
From: claymore <claymore () ADELPHIA NET>
Date: Wed, 28 Mar 2001 14:46:32 -0500
Yes, this appears to be a version of Hybris. Of course, without actually seeing it I cannot be certain, but it fits the pattern. Random 8 Character attachment name with no subject or message body. Check your favorite AV vendor for "Hybris" Claymore the unprofound -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Lee Hetherington Sent: Wednesday, March 28, 2001 3:31 AM To: INCIDENTS () SECURITYFOCUS COM Subject: ICQ Users a target Again! Hi Guys, I got an email today when I arrived at work which seemed to originate from the MAILER-DAEMON account on one of our machines running Sendmail. The message had no body but had one attatchment. The file LEOKIALE.EXE is 23Kb in Size and Hasnt been opened... It was to a personal address of my own which is only used in ICQ... Message Headers:- Return-Path: <root () ns1 asphost net> Received: (from root@localhost) by XXX.asphost.net (8.11.0/8.8.7) id f2RGNGL32025 for lee () asphost net; Tue, 27 Mar 2001 17:23:16 +0100 Received: from isis.hol.gr (isis.hol.gr [194.30.192.21]) by XXX.asphost.net (8.11.0/8.8.7) with SMTP id f2RGLeZ32019 for <xxxxxx () kerfuffle net>; Tue, 27 Mar 2001 17:21:40 +0100 Date: Tue, 27 Mar 2001 17:21:40 +0100 From: MAILER-DAEMON () ns1 asphost net Message-Id: <200103271621.f2RGLeZ32019 () ns1 asphost net> Received: (qmail 6678 invoked from network); 27 Mar 2001 16:08:03 -0000 Received: from vdp201.ath02.cas.hol.gr (HELO r8f9e9) (195.97.117.202) by isis.hol.gr with SMTP; 27 Mar 2001 16:08:03 -0000 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--VE27O9EV0H27012FOLUR" Status: Anyone else seen this? Lee Lee Hetherington Production Network Engineer Grey Matter Advanced Marketing Limited T: +44 1242 237600 DL: +44 1242 246139 F: +44 1242 237633 W: greymatterltd.com Suite 4, Fairview Court, Fairview Road. Cheltenham, Gloucestershire GL52 2EX UK
Current thread:
- ICQ Users a target Again! Lee Hetherington (Mar 28)
- Re: ICQ Users a target Again! claymore (Mar 28)
- Re: ICQ Users a target Again! Hugo van der Kooij (Mar 28)