[Dshield] Help Needed With Dissection of Exploit

Tom Liston tliston at premmag.com
Wed Aug 10 16:05:23 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Nemo Omen wrote:
> I became aware of a new piece of spam last week. It tells me I can get bank 
> account passwords and transfer some money into my account too. A deal too 
> good to refuse. The address is http:/www.asdfgh.org/passwords.html  Don't 
> load this site up unless you are happy to infect your machine or use a non 
> m/s o/s.


Nemo-

In one of my "Follow the Bouncing Malware" articles, I outlined a method
of quickly decoding stuff like this by allowing the malicious code
itself to do the work for you:

http://isc.sans.org/diary.php?date=2005-05-11

Regards,

- -TL
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFC+iXDo6r9fhzAJkoRA+r8AJ9rJzB3K+8kqND2LKoGBnY+tZKdPQCeN6Hu
qWxLHoq6dVUozMZauQ8XExs=
=WURV
-----END PGP SIGNATURE-----

