It's the Xombe Trojan/Downloader. > -----Original Message----- > From: Otero, Hernan (EDS) [mailto:[EMAIL PROTECTED] > Sent: Friday, January 09, 2004 11:48 AM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Virus / Trojan > > > Today found this suspicious file attached to an email, > obviously is a virus (our AV don�t detect it :-( ). The > virus/trojan is very simple, the developer only put effort in > obfuscate the strings inside the binary. > > The executable file try to connect to gamemaniacs.org and > download a file. This file will be located in the system directory > > The url used in the GET is: > > gamemaniacs.org /download/get.php?dist=2 > > This will download the binary saved as msvchost.exe > > any one know what virus/trojan is this? > > > > -H > > > <<VIRUS1_DETECTED_AND_REMOVED_winxp_sp1_VIRINFO.TXT>> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
