[Dshield] Virus on www.messengertools.[removethis].org

dshield.org@keithbergen.com dshield.org at keithbergen.com
Mon Oct 24 16:12:08 GMT 2005


Well, I submitted it to AVG, and they came back saying:
"It's a new variant of Worm/Kelvir virus. It will be added to the next
virus definitions update. Thank you for sending the sample."

Also, the site appears to now be down ... Just a banner showing a
"default" page. I checked and the PHP script doesn't work anymore
either.

It's the small victories!

Keith.

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Tom
Sent: Saturday, October 22, 2005 9:59 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Virus on www.messengertools.[removethis].org


So what is it for real?

Looks like its just a windows exe virus/trojan/zombie.

I remain amazed that anyone would allow executables to be 
autodownloaded from mail or websites anymore as each one of us will 
be near "patient zero" one of these days and be infected before AV 
vendors catch, fingerprint and distribute database updates.

Just my 2 cents,
Tom
At 4:35 PM -0400 10/22/05, <dshield.org at keithbergen.com> wrote:
>All,
>
>FYI. I have downloaded it and can send it as an encrypted zip to
anybody
>that would like to look at it.
>
>Keith.
...snip...
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list