----- Original Message ----- From: "Nick FitzGerald" <[EMAIL PROTECTED]> Subject: [Full-Disclosure] Re: New Virus? > > Finally, the URLs you supplied in full all seem to be truly dead now, > but whatever it is could be being spread through multiple vectors and > multiple sites, so getting samples to those who can distribute > detection as far and fast as possible shold always be a priority with > such things, rather than something you think about after exhasusting > your own investigations...
the same procedure: I got today at 1:03 pm from #229996748 a msg. In her details is a working URL with the same system, a fake 404-Error-message, dn.php (that acts as a .hta), that generates via VBScript a q.vbs, which downloads 3.jpg, which is an exe, etc. This URL works: http://www.daytalker.de/pics/Julia.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
