Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: MCAFEE E-MAIL SCAN ALERT!~RE: [FULL-DISCLOSURE] NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT

From: "Chontzopoulos Dimitris" <dchontzo () abc gr>
Date: Thu, 24 Jun 2004 19:43:24 +0300
McAfee says <W32/Gaobot.worm.gen.j>


 -----Original Message-----
From:         full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]  On Behalf 
Of Michael Young
Sent: Thursday, June 24, 2004 5:39 PM
To:   'Peter Kosinar'; full-disclosure () lists netsys com
Subject:      MCAFEE E-MAIL SCAN ALERT!~RE: [FULL-DISCLOSURE] NEW WORM DISCOVERY - POTENTIAL KORGO VARIANT


Attachment file : VDisp.save
Virus name: W32/Gaobot.worm.gen.j
Action taken : Unable to Clean...

Attachment file : VDisp.save
Virus name: W32/Gaobot.worm.gen.j
Secondary Action taken : Moved...

Thank you for bringing that to my attention.  Here is the attachment.
Again, rename to .exe

-----Original Message-----
From: Peter Kosinar [mailto:goober () ksp sk]
Sent: Thursday, June 24, 2004 10:36 AM
To: Michael Young
Subject: Re: [Full-disclosure] New Worm Discovery - Potential Korgo Variant


creates a registry entry in RunServices and Run to load.  I am anxious to
hear any feedback anyone has regarding this issue as we are still

attempting

to reduce network traffic and alleviate any remaining issues.  I have
attached a copy of the executable (rename to .exe).


Are you sure you didn't forget to attach the attachment ? Or was it
stripped from the mail somewhere on the route ?

Your sincerely,

Peter Kosinar




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: