[Dshield] Virus on www.messengertools.[removethis].org
dshield.org at keithbergen.com
Mon Oct 24 16:12:08 GMT 2005
Well, I submitted it to AVG, and they came back saying:
"It's a new variant of Worm/Kelvir virus. It will be added to the next
virus definitions update. Thank you for sending the sample."
Also, the site appears to now be down ... Just a banner showing a
"default" page. I checked and the PHP script doesn't work anymore
It's the small victories!
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Tom
Sent: Saturday, October 22, 2005 9:59 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Virus on www.messengertools.[removethis].org
So what is it for real?
Looks like its just a windows exe virus/trojan/zombie.
I remain amazed that anyone would allow executables to be
autodownloaded from mail or websites anymore as each one of us will
be near "patient zero" one of these days and be infected before AV
vendors catch, fingerprint and distribute database updates.
Just my 2 cents,
At 4:35 PM -0400 10/22/05, <dshield.org at keithbergen.com> wrote:
>FYI. I have downloaded it and can send it as an encrypted zip to
>that would like to look at it.
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see:
Using .Net? Need to know more about .Net Security?
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list