On Wed, 16 Jun 2004 08:23:59, [EMAIL PROTECTED] wrote: > Anyone want to try and analyze what this thing is? It was spammed to > about 30 addresses here this morning.
The end stage appears to be a new variant of the Cjdra proxy trojan. This person has been spreading trojans via spammed-exploit for a while now, and now it looks as if he/she has upgraded to the latest IE exploit. http://vil.nai.com/vil/content/v_100939.htm describes an older variant. -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
