Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (no subject)

From: Michael Erdely <mike () erdelynet com>
Date: Mon, 09 Aug 2004 16:07:02 -0400
ClamAV calls it Trojan.JS.Runme.  My update for it came at 3 PM EDT today.

From ClamAV Update list:
Submission: 5025-web, 5026-web, 5027-web, 5028-web, 5029-web, 5030-web, 5043-web, 5044-web, 
5045-web, 5046-web, 5047-web, 5048-web
Sender: James Stevens, Bill Landry, Henning Spjelkavik, Melanie Dussiaume, Roman Scheucher, Gunter Mintzel, Mike Watterson, Martin, Rob Kudyba, wojciech myszka, Philip Corliss, Kevin Way Virus: unknown, JS/IllWill (McAfee), JS.Dword.dropper (Bitdefender), JScript/IE.VM.Exploit (Inoculate) 
Alias: TR/RunMe.Dldr.1 (Hbedv)
Added: Trojan.JS.RunMe
Added: Trojan.RunMe
Note: The name may change.
Note: There are more submissions with this; at the moment I'm publishing just some of them. 

-Mike

Jonathan Grotegut wrote:


(In regards to new_price.zip file attachment)

Anyone have any idea what this is, we had some clients just get pretty
hard with this email.  I am unable to find anything on it, from my VERY
Limited knowledge it appears to be a virus exploiting one of the many
holes in IE.  Anyone else see anything on this yet?

Jonathan Grotegut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: