<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: new WIN virus?

Re: new WIN virus?

From: Gregor Lawatscheck <gpel_at_mpex.net>
Date: Fri, 30 Jan 2004 04:04:33 +0100

Atom 'Smasher' wrote:
[...]
> the original spam, the page that it requests, and the suspicious "exe"
> file:
> http://smasher.suspicious.org/tmp/live-virus.tgz
>
[...]
> updatte.exe was tested on:
> yahoo-mail
> http://www.kaspersky.com/remoteviruschk.html
> http://www.dials.ru/english/www_av/
> http://www.rav.ro/scan/indexn.php
> and they all reported that the file poses no threat. i suspect they're
> wrong.

I've submitted this file to AVERT WebImmune ( https://www.webimmune.net
) and they now detect it as
a password phishing Trojan called "pws-polk". I've also sent a sample to
newvirus (at) kaspersky.com so they get a chance to update their signatures.

- Gregor
Received on Feb 03 2004

This message: [ Message body ]
Next message: Mike Healan: "Re: virus handling"
Previous message: Zero_X www.lobnan.de Team: "Directory Traversal in Aprox PHP Portal."
Maybe in reply to: markus-1977_at_gmx.net: "Re: new WIN virus?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos