why r u guys still entertaining this clown? he created this juari acct
yest just to screw w/ ppl:
Juari Bosnikovich [EMAIL PROTECTED]
(from m-net.arbornet.org, is a public acess unix box in maine)
Login: juarib Name: Juari Bosnikovich
Directory: /home/guest/juarib
Dear all,
Is this know to you ? FIrst time I see this one, but certainly widespread on the net.
It is sent with an Exe Attachment named remove-smss-patch.exe...
Attachment has been blocked, so I will not be able to forward it on request.
Is it a Spam or a try to install some Trojan and Ask for
Everyones favorite web ad company has a XSS.
http://webpdp.gator.com/4/message/382/?q=cD0zMTk=titlejesus loves you/title
enjoy
_
Weight Loss products, Herbal Viagra, and much more!http://www.VitaDepot.com
I apologise if this has already been posted.
it's nearly the same rubbish as within the *Attempt to steal paypal password *.
Button is leading to http://%77%77%77%2e%76%62%69%6c%6c%2e%62%69%7a/ = www.vbill.biz
(Domain Infos see below VISA - Message)
regards
roman
_start
It seems that the virus writer put his anagramm into his creation.
If you view the malware with a hexeditor you can read the letters AU
at the end of the file (beginning at 7F20 end at 7F70)
according to my disassembling the virus writer used c++ with assembler
includes and he has average
why r u guys still entertaining this clown? he created this juari acct
yest just to screw w/ ppl:
It really calms me to see that someone finally says something to this pretty
obvious lark. Someone had an outburst of gobbles-style humour here and you
folks gleefully swallowed the bait.
I, for
Rapaille Max [EMAIL PROTECTED] wrote:
Is this know to you ? FIrst time I see this one, but certainly widespread on the
net.
It is sent with an Exe Attachment named remove-smss-patch.exe...
Attachment has been blocked, so I will not be able to forward it on request.
Is it a Spam or a try to
Is this know to you ? FIrst time I see this one,
but certainly widespread on the net.
It is sent with an Exe Attachment named
remove-smss-patch.exe...
http://www.google.com/search?q=remove-smss-patch.exe
___
Full-Disclosure - We believe in it.
One of the ways Google determines ranking is by how many
links exist to a given site or object. If you convince a
number of people to provide a link from the word bastards
pointing to www.sco.com, Google assumes it's a popular site
for that topic and ranks it accordingly.
Actually those
Am Fri, 30 Jan 2004 09:42:30 +0100, schrieb Rapaille Max [EMAIL PROTECTED]:
Hi,
Is this know to you ? FIrst time I see this one, but certainly widespread on the net.
It is sent with an Exe Attachment named remove-smss-patch.exe...
Attachment has been blocked, so I will not be able to forward
Let's go into basic security, forth and assembler tsr(terminate stay
resident programs).
1. Internet Protocols exits to tranfer data with very little
code they involve services such as SMTP(HELO), tftp boot, and others,
telent, etc. They require very little knowledge and since I teach network
On Thu, 2004-01-29 at 22:59, Cael Abal wrote:
Hi Henrik,
8086 asm and Forth knowledge, although less common these days, isn't
necessarily an indicator of shining intelligence or insight. And as
for your 'great knowledge' comment -- the sad reality is this: It
really doesn't take a whole
First there is nothing in your analysis that excludes an embedded forth
interpreter or code, second there are fingerprints for a tsr. Since it is
an .exe and quite able to install one. Was there a search to eliminate
the possibility? There is plenty of unanalyzed code and looking at the
I have forwarded on the details of this to [EMAIL PROTECTED] (hosting the
netblock that hosts the site that the URL decodes to (www.vbill.biz) )
From: Visa Service ([EMAIL PROTECTED])
Subject: Visa Security Update
Dear Sir/Madam,
We were informed that your credit card is used by another person
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-04:01.mksnap_ffs Security Advisory
The FreeBSD Project
Topic:
The message contains Unicode characters and has been sent as a binary attachment.
attachment: readme.scr
[My apologies if you receive multiple copies of this message]
# #
#DIMVA SUBMISSION DEADLINE EXTENDED#
# #
On Friday 30 January 2004 12:02 pm, Clairmont, Jan wrote:
First there is nothing in your analysis that excludes an embedded
forth interpreter or code,
Yes, but there IS an embedded pong game written in ADA. Can you prove
there isn't? How about the fact that Juari already admitted there was
Hello madsaxon,
* madsaxon [EMAIL PROTECTED] [2004-01-30 18:59]:
how does such a google bombing work?
Hi Nico,
One of the ways Google determines ranking is by how many
links exist to a given site or object.
it was my first idea, but the dimension of links needed i thought is to
big.
has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I typically dont respond to posts, but I will say that you basically
hit the nail on the head security has and is starting to become the next
level of mcse's. I dont proclaim to be any sort of hacker although I
am lumped into this category by the
Well, I know you should feed the trolls, but anyway...
On Fri, 2004-01-30 at 16:23, Uncle Scrotora Balzac wrote:
I love hearing security people talk about script kiddies. It's the funniest
thing to see them walking around with their chests pushed out like peacocks,
as they scoff the silly
On Fri, 2004-01-30 at 15:47, Nick Price wrote:
I wonder when someone will get about 500 domains and start googlebombing
businesses and the like for a fee...
I believe that it has been done. I was in a presentation about a year
ago where a marketing guy from the US explained how Google ranks
Well, I know you should feed the trolls, but anyway...
On Fri, 2004-01-30 at 16:23, Uncle Scrotora Balzac wrote:
I love hearing security people talk about script kiddies. It's the funniest
thing to see them walking around with their chests pushed out like peacocks,
as they scoff the silly
Given that its possible for a program to detect that its being run under
a debugger,
wouldn't it be possible for a virus to behave differently in the debug
environment?
Yes. But todays computer viruses are very simple and very weak. Wait a few
years and they should be a lot more powerful.
[...]
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
first last
Given that its possible for a program to detect that its
being run under a debugger,
wouldn't it be possible for a virus to behave differently in
the debug environment?
Yes. But todays computer viruses
Hi Uncle S
I agree, the script kiddie is often foolishly disregarded as a threat. A
person with a gun doesn't necessarily need an MSc in ballistics to make him
a greater threat, he/she just needs to know how to pull the trigger.
-andy
Talisker Security Tools Directory
Hi,
It's been a long day and I don't normally bite but I will
Some talk about script kiddies in a derogative way, but still have to admit
that they are a threat. (ask Steve Gibson ;o) I'd prefer to get on my
soapbox about those individuals on the other side of the fence in the
security world,
all i can say is they have to start somewhere
-- That is why my friends and i started Mostly-Harmless,
we educate those persons by telling them what is good and what
is wrong, so we can convince them script kiddie is not good
having knowledge is good, (if u use it properly),
so we tend to keep
IE: how do you know that the behavior you see in the lab reflects
behavior in
the real world? (I get a kind of 'schrodingers cat' deja vu).
You can always disassemble the virus, which is what people
will do if it's a real popular one such as MyDoom.
IIRC there are viruses that are encrypted
Hello Wray
2004. janur 30., 21:56:22, rtad:
Plenty of software I am curious also, but secure, the how over there, which out there
won't, VMWare run for instance,. His encoding shies unfortunately on account of worm
one bug under about runner debugger systematically. Worm I looked on
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
first last
[snip]
IIRC there are viruses that are encrypted and are almost impossible
to disassemble?
Would that be true?
Sobig.F was packed with tElock. It's a PE file protector. It
encrypts the program's code and
the possibility? There is plenty of unanalyzed code and looking at the
dissassembled code there are fingerprints of a tsr and forth in my opinion,
Plenty, eh? After de-UPX-ization, this thing is about 56k.
TSR in Windows?
And where do you see the Forth traces?
Looks a heck of a lot more
Thats because been a sheep farmer in the australian outback is a lot harderthan anything you will probably do in your life.As for the script kiddies... all i can say is they have to start somewhere.They might not write the exploit, but they weren't the ones that made thempublic for everyone to
to successfully unpack the program. All they really needed to
do was dump it from memory while it was running and they could've
analyzed
it immediately with any disassembler.
Forgive me, I am no assembly hacker nor much of a programmer,
but would it be possible for a program to 'react' in some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you had read the README-FIRST.TXT file you would know that the files
are self-extracting archives.
Secondly, wouldn't it be somewhere in the neighborhood of dumb to
massively idiotic for me to post virii examples that I have trojaned
with my
Am I the only one that found it to be a little bit shady that these were
made available as executables? Is the B version posted somewhere as
just a plain zip? I don't seem to have already received my free copy in
the mail yet.
On Fri, 2004-01-30 at 12:17, Daniel Spisak wrote:
G'Day,
Chaosreader has been mentioned here before, it's a freeware tool to
process TCP/UDP/ICMP/Application data from snoop/tcpdump logs.
It can now process X11 and VNC, including playback (experimental).
The mains features are now,
Reads snoop and tcpdump logs
Processes TCP,
Your mail to 'Full-Disclosure' with the subject
Test
Is being held until the list moderator can review it for approval.
The reason it is being held:
Post by non-member to a members-only list
Either the message will get posted to the list, or you will receive
notification of the
Hi,
Attached is my Serv-U SITE CHMOD exploit. Should be pretty script kiddie
friendly.
Cheers,
SkyLined
-BEGIN PGP PUBLIC KEY BLOCK-
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
Comment: Berend-Jan Wever - [EMAIL PROTECTED]
39 matches
Mail list logo