[Dshield] Possible New Worm/Virus/Trojan

Paul Ferguson fergdawg at netzero.net
Thu Apr 17 22:27:50 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "stcarey at juno.com" <stcarey at juno.com> wrote:

>In the last hour we have seen over 150 E-Mails (world-wide) trying to send
>an attachment called "photo.e x e".  Our mail policy requires stripping of
>all executables so can not get a copy of the suspect attachment.  Maybe
>someone out there and get a copy and find out what it does.   
>

It's a new Pandex Trojan agent.

Someone already has obtained a copy of it, but detection is currently
pretty low right now:

http://www.virustotal.com/analisis/a8844c3354ee328143ab7f5cb451b56a

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIB87Cq1pz9mNUZTMRAu52AKDKWocsECg+19LP9y+cZ1x5mTp9sACfcyLv
mVVhXpn051IGekdwtCn1rXY=
=h9Ke
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the list mailing list