[Dshield] Virus on www.messengertools.[removethis].org

dshield.org@keithbergen.com dshield.org at keithbergen.com
Mon Oct 24 16:12:08 GMT 2005

Well, I submitted it to AVG, and they came back saying:
"It's a new variant of Worm/Kelvir virus. It will be added to the next
virus definitions update. Thank you for sending the sample."

Also, the site appears to now be down ... Just a banner showing a
"default" page. I checked and the PHP script doesn't work anymore

It's the small victories!


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Tom
Sent: Saturday, October 22, 2005 9:59 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Virus on www.messengertools.[removethis].org

So what is it for real?

Looks like its just a windows exe virus/trojan/zombie.

I remain amazed that anyone would allow executables to be 
autodownloaded from mail or websites anymore as each one of us will 
be near "patient zero" one of these days and be infected before AV 
vendors catch, fingerprint and distribute database updates.

Just my 2 cents,
At 4:35 PM -0400 10/22/05, <dshield.org at keithbergen.com> wrote:
>FYI. I have downloaded it and can send it as an encrypted zip to
>that would like to look at it.
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 

Using .Net? Need to know more about .Net Security?

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list