Full Disclosure mailing list archives

RE: Virus Outbreak Attacking MS05-039 WIN2K


From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 15 Aug 2005 11:29:27 -0500

That is very possible, but an "update" would have to be made to the bot
client to get this webserver on the box with a phishing site. So why not
just wait and do the DNS poison when the website is up and working,
instead of before...this just tells people that something is wrong.
 
It doesn't help the worm, it is just leftover junk from the Mytob - as
Joe pointed out.
 
-Todd

________________________________

        From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Jan Nielsen
        Sent: Monday, August 15, 2005 11:14 AM
        To: full-disclosure () lists grok org uk
        Subject: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
        
        
        Perhaps the next phase of the virus is a phishing attack to get
        people to go to a local webserver initiated by the virus to capture
        login/credentials from those sites?
         
        Jan
         
        -----Original Message-----
        From: Andrew Smith [mailto:andrew.rse () gmail com] 
        Sent: 15. august 2005 17:27
        To: Mike
        Cc: full-disclosure () lists grok org uk
        Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
         
        Can anyone explain why this virus chooses to block ebay, amazon
        and paypal?
        This seems foolish if the intention is to remain on the
        compromised host unnoticed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
