RE: [Full-Disclosure] New virus?
- To: "the rxmr" <the.rxmr@xxxxxxxxx>, "Bernardo Santos Wernesback" <bernardo@xxxxxxxxxx>
- Subject: RE: [Full-Disclosure] New virus?
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Mon, 27 Sep 2004 15:27:43 -0500
Has anyone been able to grab the files from the BR domain server? Are
they using the JPEG hole, or is it just a phishing type thing?
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of the rxmr
Sent: Monday, September 27, 2004 2:14 PM
To: Bernardo Santos Wernesback
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New virus?
----- Original Message -----
From: Bernardo Santos Wernesback <bernardo@xxxxxxxxxx>
Date: Mon, 27 Sep 2004 14:44:58 -0300
Subject: [Full-Disclosure] New virus?
To: full-disclosure@xxxxxxxxxxxxxxxx
Hi everyone,
Has anyone seen a lot of HTTP activity to a certain site:
http://www.fotosgratis.pop.com.br ?
One of our clients has several machines making tons of requests for TXT
files on that server:
botao.txt
mswinsck.txt
ita01.txt
caixa01.txt
teclado07.txt
caixa01.txt
caixa02.txt
caixa03.txt
caixa04.txt
caixa05.txt
Thanks for any info.
_____________________________________________________
Bernardo Santos Wernesback
ESSE,ESS,SCSE,CCNA/DA,
CCSA,CQS,MCP
Consultant / ISH Tecnologia
Phone: +55-27-3334-8900
Mobile: +55-27-8111-0884
Email: bernardo@xxxxxxxxxx
PGP Fingerprint:
6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5
This should answer your questions.
It is a trojan - TROJ_BANCOS.BW or a variant.
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_BANCOS.BW
From the page:
"
Description:
This Trojan attempts to download the following image files in the folder
%Windows%\inf:
* botao.bmp
* caixa01.jpg
* caixa02.jpg
* caixa04.jpg
* caixa05.jpg
* ita01.jpg
* teclado_05.jpg
* teclado_07.jpg
* teclado_gere03.jpg
* teclado_gere04.jpg
* teclado_gere05.jpg
* teclado_gere06.jpg
"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
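Added example (not part of the thread, and not from any of the posters): a small detection script that turns the indicators shared above into a proxy-log sweep. It takes the host name and the TXT file names Bernardo listed and reports which internal clients requested them, which is the question Todd is asking about. It assumes a Squid "native" access.log layout; the log lines and client IPs embedded below are constructed for the example, not real traffic.

```python
import re
from collections import defaultdict

# Indicators taken from the thread: the server the infected machines were
# polling and the TXT names they requested.
SUSPECT_HOST = "www.fotosgratis.pop.com.br"
SUSPECT_FILES = {
    "botao.txt", "mswinsck.txt", "ita01.txt", "caixa01.txt", "teclado07.txt",
    "caixa02.txt", "caixa03.txt", "caixa04.txt", "caixa05.txt",
}

# Constructed sample in Squid native access.log format (assumed layout):
# timestamp elapsed client action/code size method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1096312800.123    45 10.0.1.15 TCP_MISS/200 512 GET http://www.fotosgratis.pop.com.br/caixa01.txt - DIRECT/200.1.2.3 text/plain
1096312801.456    40 10.0.1.15 TCP_MISS/200 498 GET http://www.fotosgratis.pop.com.br/teclado07.txt - DIRECT/200.1.2.3 text/plain
1096312802.789   120 10.0.1.22 TCP_MISS/200 9031 GET http://www.example.org/index.html - DIRECT/198.51.100.7 text/html
1096312803.012    38 10.0.1.37 TCP_MISS/200 501 GET http://www.fotosgratis.pop.com.br/mswinsck.txt - DIRECT/200.1.2.3 text/plain
1096312804.345    41 10.0.1.15 TCP_MISS/404 300 GET http://www.fotosgratis.pop.com.br/nothere.txt - DIRECT/200.1.2.3 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)
URL_RE = re.compile(r"^https?://(?P<host>[^/:]+)(?::\d+)?/(?P<path>[^?#]*)")


def parse_line(line):
    """Return {ts, client, host, filename} for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    um = URL_RE.match(m.group("url"))
    if not um:
        return None
    # Last path component is the requested file name (empty string for "/").
    filename = um.group("path").rsplit("/", 1)[-1]
    return {
        "ts": float(m.group("ts")),
        "client": m.group("client"),
        "host": um.group("host").lower(),
        "filename": filename,
    }


def clients_contacting_host(log_text, host=SUSPECT_HOST):
    """Every client that talked to the suspect host at all, whatever it asked for."""
    seen = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["host"] == host:
            seen.add(rec["client"])
    return sorted(seen)


def find_suspect_clients(log_text, host=SUSPECT_HOST, files=SUSPECT_FILES):
    """Map client -> sorted list of known trojan file names it requested from the host."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["host"] == host and rec["filename"] in files:
            hits[rec["client"]].append(rec["filename"])
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: {', '.join(names)}")
    print("all clients that reached the host:", clients_contacting_host(SAMPLE_LOG))
```

The two functions deliberately answer different questions: `find_suspect_clients` gives high-confidence hits on the exact file names from the thread, while `clients_contacting_host` catches machines that reached the server for a name not on the list (a variant may poll different files), so both lists are worth pulling before deciding which hosts to image.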