Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: I love you Author evidence ?

From: sachsm () JTFCND IA MIL (Sachs, Marcus)
Date: Mon, 8 May 2000 11:31:23 -0400

Well, how about this theory:  the script was a work in progress, being
passed between a couple of developers by email.  The recipient made a
mistake and double-clicked the attachment rather than saving it to a
directory where he could continue to work on it using VB or another script
editor.  OOOOPS!  Released that sucker before we were ready to!  Oh, Crap!

ms

-----Original Message-----
From: Thierry [mailto:thierry () WAATLEEFT LU]
Sent: Monday, March 06, 2000 5:32 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: I love you Author evidence ?

Hello,
On 10/01/2000
a guy going by the nick of spider submitted a program called barok to
TLSecurity. He also submitted (kindly) a screenshot of the results, in which
he alwayws disclose the isp he used etc...
http://www.tlsecurity.net/backdoor/barok.htm
This is the url with the screenshot. If we look closer at The *Bugfix.exe
downloaded by the vbs script, and looking a the X-mail fields it sends
(source X-Force.)
To: mailme () super net ph
Subject: Barok... email.passwords.sender.trojan
X-Mailer: Barok... email.passwords.sender.trojan---by: spyder
We see that it has Barok in it so presumably *bugfix.exe is nothing more
then barok 1 or 2 (or a mod) from the same author.
Thierry Zoller
http://www.TLSecurity.net
Previous By Date Next
Previous By Thread Next

Current thread: