funsec mailing list archives
Re: Britney Spears helps spread malware
From: Axel Pettinger <api () worldonline de>
Date: Thu, 12 Apr 2007 01:15:33 +0200
It seems that a new variant of that malware is out there. The detection rate is as usual quite low at the moment. The "exact" identifications are probably misdetections ... Subject (of the mail I've received): Hot pictures of paris hilton nude From: Nude jennajameson.com The mail loads a picture of Jenna Jameson, not Paris Hilton - and not really nude. In connection with the code which is loaded (from one of at least five web sites) after clicking on the image McAfee reports an "Exploit-MS06-006.gen trojan"[1]. VirusTotal results: Antivirus Version Update Result AhnLab-V3 2007.4.12.0 04.11.2007 no virus found AntiVir 7.3.1.50 04.11.2007 TR/Agent.36864 Authentium 4.93.8 04.11.2007 no virus found Avast 4.7.936.0 04.11.2007 Win32:Small-ESE AVG 7.5.0.447 04.11.2007 no virus found BitDefender 7.2 04.12.2007 no virus found CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan ClamAV devel-20070312 04.11.2007 no virus found DrWeb 4.33 04.11.2007 no virus found eSafe 7.0.15.0 04.11.2007 no virus found eTrust-Vet 30.7.3560 04.11.2007 no virus found Ewido 4.0 04.10.2007 no virus found FileAdvisor 1 04.12.2007 no virus found Fortinet 2.85.0.0 04.11.2007 suspicious F-Prot 4.3.1.45 04.11.2007 no virus found F-Secure 6.70.13030.0 04.11.2007 no virus found Ikarus T3.1.1.5 04.11.2007 no virus found Kaspersky 4.0.2.24 04.11.2007 no virus found McAfee 5006 04.11.2007 no virus found Microsoft 1.2405 04.11.2007 no virus found NOD32v2 2182 04.11.2007 no virus found Norman 5.80.02 04.11.2007 no virus found Panda 9.0.0.4 04.11.2007 no virus found Prevx1 V2 04.12.2007 no virus found Sophos 4.16.0 04.11.2007 no virus found Sunbelt 2.2.907.0 04.07.2007 no virus found Symantec 10 04.11.2007 no virus found TheHacker 6.1.6.088 04.09.2007 no virus found VBA32 3.11.3 04.10.2007 no virus found VirusBuster 4.3.7:9 04.11.2007 no virus found Webwasher-Gateway 6.0.1 04.11.2007 Trojan.Agent.36864 Aditional Information File size: 36864 bytes MD5: 83e05625144d3912892e9b2a462b9c7d SHA1: 1defc467ffbd61ec4b586e358c3db189c0a856f3 Regards, Axel Pettinger [1] http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx -------- Original Message -------- Subject: RE: [funsec] Britney Spears helps spread malware Date: Tue, 3 Apr 2007 10:54:02 -0700 From: "Hubbard, Dan" <dhubbard () websense com> To: "Larry Seltzer" <Larry () larryseltzer com>, <rms () computerbytesman com>,"FunSec [List]" <funsec () linuxbox org> References: <005301c7760f$c7107500$55315f00$@com><0273B67044957C41BD71D12EBA2E00AE0FD36A@becca.LarrySeltzer.local> Yup, all URL's end in indeXXX.htm(l) -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Tuesday, April 03, 2007 10:11 AM To: rms () computerbytesman com; FunSec [List] Subject: RE: [funsec] Britney Spears helps spread malware It's the ANI: Tuesday, April 03, 2007 11:48 AM/EST ANI Exploit Tries the 'Hot Pictures of Britiney Speers' Shtick Spam promising "Hot Pictures of Britiney Speers [sic]" is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from "Nude BritineySpeers.com," is written in HTML... http://securitywatch.eweek.com/browsers/ani_exploit_tries_the_hot_pictur es_of_britiney_speers_shtick.html Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Britney Spears helps spread malware rms (Apr 03)
- RE: Britney Spears helps spread malware Larry Seltzer (Apr 03)
- Re: Britney Spears helps spread malware Brian Loe (Apr 03)
- Re: Britney Spears helps spread malware Valdis . Kletnieks (Apr 03)
- Re: Britney Spears helps spread malware Brian Loe (Apr 03)
- Re: Britney Spears helps spread malware Nick FitzGerald (Apr 03)
- Re: Britney Spears helps spread malware crazy frog crazy frog (Apr 04)
- Re: Britney Spears helps spread malware Brian Loe (Apr 03)
- RE: Britney Spears helps spread malware Larry Seltzer (Apr 03)
- RE: Britney Spears helps spread malware Hubbard, Dan (Apr 03)
- RE: Britney Spears helps spread malware Larry Seltzer (Apr 03)
- Re: Britney Spears helps spread malware Axel Pettinger (Apr 11)
- RE: Britney Spears helps spread malware Alex Eckelberry (Apr 11)