Full Disclosure mailing list archives

Re: Possible First Crypto Virus Definitely Discovered!


From: Martin Wasson <marto () fightingillini com>
Date: Fri, 11 Jun 2004 06:40:22 -0700 (PDT)

Billy,

As FD's foremost expert on virii, can you answer a question for me? Is it possible that this is one of Polly Morfick's viruses? They can change ports, right? After seeing your discovery, I too found a computer at home trying to infect the Internet with the 443 virus. Though I too have now shut down port 443 outbound on my border Tiny Personal FW at home, my Windows ME workstation is STILL launching attacks against the Internet on ports 53, 80, and 25. I discovered that my wife's computer has the virus too, and has been trying to infect port 80 on a machine called www.married-women-looking-for-action.com. The funny thing is, I think it's on a timer, because it doesn't even start attacking until after I go to bed. Weird!!! Another thing is, the virus also seems to be asking a computer (whose name is apparently "arp") for some kind of encrypted data. I think the virus's encrypted name might be either 00-0D-35-B4-56-01 or 172.16.10.10, because it's asking this "arp" whohas 00-0D-56-75-B4-46, and to tell 172.16.10.10 if it finds it. NOT good!! I tried to research it, but only came up with stuff about Apple Computer addresses and something called Hexadecimals. As you can imagine, I don't even HAVE any MACs, just PCs, and 00-0D-35-B4-56-01 looks more like HexaDASHES than Hexadecimals. What gives?

SMARTACVS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html