[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] New virus?
- To: Bernardo Santos Wernesback <bernardo@xxxxxxxxxx>
- Subject: Re: [Full-Disclosure] New virus?
- From: the rxmr <the.rxmr@xxxxxxxxx>
- Date: Mon, 27 Sep 2004 14:23:54 -0500
On Mon, 27 Sep 2004 14:44:58 -0300, Bernardo Santos Wernesback
<bernardo@xxxxxxxxxx> wrote:
>
> Hi everyone,
>
> Has anyone seen a lot of HTTP activity to a certain site:
> http://www.fotosgratis.pop.com.br ?
>
> One of our clients has several machines making tons of requests for TXT files
> on that server:
>
> botao.txt
> mswinsck.txt
> ita01.txt
> caixa01.txt
> teclado07.txt
> caixa01.txt
> caixa02.txt
> caixa03.txt
> caixa04.txt
> caixa05.txt
>
> Thanks for any info.,
>
>
>
> _____________________________________________________
>
>
> Bernardo Santos Wernesback
>
>
>
>
> ESSE,ESS,SCSE,CCNA/DA,
>
>
> CCSA,CQS,MCP
>
>
>
>
>
>
> Consultant / ISH Tecnologia
>
>
>
>
> Phone: +55-27-3334-8900
>
>
>
>
> Mobile: +55-27-8111-0884
>
>
> Email: bernardo@xxxxxxxxxx
>
> PGP Fingerprint:
> 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5
>
I should also mention that the file "mswinsck.txt" is found on
machines compromised by these two:
W95/Music@M
http://vil.nai.com/vil/content/v_98889.htm
and
Helios
http://www.pestpatrol.com/pestinfo/h/helios.asp
Another interesting link I found was this one, but I can't translate it:
http://big5.pconline.com.cn/b5/www.pconline.com.cn/pcedu/soft/virus/da/0409/449519.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html