]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Another noxious M$ trojan
For all who were interested in reviewing the suspect binaries, I have
posted them on my Web site:
http://www.gilliss.com/greg/bin/awsqyf.zip
http://www.gilliss.com/greg/bin/update1991.zip
The first is 52521 bytes
All:
Following up on the binaries, I scanned the originating host:
Interesting ports on dns.njuct.edu.cn (202.119.248.66):
(The 1515 ports scanned but not shown below are in state: closed)
...
31 tcp ports and several hundred udp ports snipped
...
Remote OS guesses: Solaris 2.6 - 2.7, Solaris 7
Gregory A. Gilliss [EMAIL PROTECTED] wrote:
For all who were interested in reviewing the suspect binaries, I have
posted them on my Web site:
Not at all smart -- this is self-replicating code which poses certain
complexly more interesting ethical issues than simple vulnerability
exploit PoC
Hello,
Wondering if anyone on this list downloaded this virus? If so, may I have a copy? THANKS
Sam"Gregory A. Gilliss" [EMAIL PROTECTED] wrote:
Hello all:Heads up - I received this in my mailbox this afternoon (Wednesday PST). Headers:From [EMAIL PROTECTED] Wed Nov 19 16:51:17 2003Received:
Right off the bat I am going to be leary of any email supposedly from a
major vendor that can't get the year right.
Bart Lansing
Manager, NeSST
Kohl's IT
[EMAIL PROTECTED] wrote on 11/20/2003 01:01:19 PM:
Hello,
Wondering if anyone on this list downloaded this virus? If so, may
I
attachments -)
G
-Original Message-
From: Gregory A. Gilliss [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:22 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Another noxious M$ trojan
Hello all:
Heads up - I received this in my mailbox this afternoon
