Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: homepage worm

From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Wed, 9 May 2001 11:03:12 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry to say, it's now hit MidWest US mainland as of 5:54am CST.  Our
e-mail filters completely filter our .vbs attachments so this one
never stood a chance....great work by black-hand for presenting the
decode and source!

Good luck,

Ralph M. Los
Sr. Internet Systems & Security Admin.    (312) 827-3945 (direct)
EnvestNet Advisory Corp.                  (312) 296-9003 (wireless)
rlos () envestnet com


- -----Original Message-----
From: Kris Boulez [mailto:krbou () PGSGENT BE]
Sent: Wednesday, May 09, 2001 1:32 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: homepage worm


Quoting black-hand (black () WIRETAPPED NET):

Hi,

There is a new VBS worm doing its rounds down here in Australia at
the moment, a lot of virus scanners arnt picking it up. Its not a
malicious payload, but still..

ive put up the email, attachment and payload info here:

http://black.wiretapped.net/homepagevirus.asp

to bypass virus scanners, it does a simple decypher then execute



It's also running around in Europe. Description of this one can be
found
at


http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_HOM
EPAGE.A

Kris,

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOvlqGnM6eMaR3AeZEQJ23gCgk+Z3hM0U3DWHG6nqGipC5i/r9rcAnjuB
2ZXFNyCvSby29eyDOzltGG+F
=AKNE
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: