Date: Fri, 29 Aug 2008 18:00:28 +0000
From: Jenna S. <[EMAIL PROTECTED]>
Subject: Hi, remember me?..

in archive my new fotos
hxxp://xsitejobs.com/myfoto.exe

Jenna :)

link de-fanged. more URLs

hxxp://shot-by-frogg.de/My_foto.exe
hxxp://armonia-spa.com.ar/My_foto.exe
hxxp://warmymusic.com.ar/My_foto.exe

all yield

MD5: 4097df28691722645d6a505696225ecf
SHA1: ddf82a109f7d14efc0146549d79a8c905c5b0612
File type: MS Windows PE
File size: 143360 bytes

A/V INFO:
-----------------------------------------------
SCANNER: VScanner  VIRUS: Unknown, file is "suspicious"
SCANNER: AVG       VIRUS: No virus found.
SCANNER: ClamAV    VIRUS: No virus found.
SCANNER: BDC       VIRUS: Trojan.Srizbi.Dropper.1.Gen
-----------------------------------------------

New Files
C:\WINDOWS\system32\drivers\grande48.sys

Create Service -
  Name: (grande48)
  Display Name: (grande48)
  File Name: (C:\WINDOWS\system32\drivers\grande48.sys)
  Control: ()
  Start Type: (SERVICE_AUTO_START)

whee ...

-------------------------------------------------------------
jose nazario, ph.d. <[EMAIL PROTECTED]>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427
http://asert.arbornetworks.com/
_______________________________________________
Malware-track mailing list
[EMAIL PROTECTED]
http://mal-aware.org/mailman/listinfo/malware-track
_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets