[Dshield] Blocked Dshield list

Bruyere, Michel mbruyere at ezemcanada.com
Tue Sep 23 18:17:06 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Michael, 
		Thanks for the clarification ;) 

IO was pretty sure that iwasn't a real infection but i had to be 100% sure,
so i asked ;) 



M.Bruyere


<SNIP>
> ----------
> 
> What I did, was take the executable, put it on a unix system, run strings
> on
> it to pull out the ascii text of the binary and posted portions of it to
> the
> list. It's triggered some av systems. In a nutshell, I posted relevant
> portions that appear to indicate that this is not only passed via email
> (from fake MS notice, as well as a Postfix daemon return error), but it
> also
> puts hooks into mIRC, IRC, USnet, and Kazza for distribution and has a
> builtin smtp client.
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj9wjjkACgkQdZnvpcG99dhLQwCcDryUccYgmiySm+Q9L/5GaQ4v
oLcAn0qR+BonEmOk8eM8gEivEUayEHKN
=+yt1
-----END PGP SIGNATURE-----




More information about the list mailing list