Security Incidents mailing list archives
possible new trojan
From: Peter Harkins <sec () malaprop org>
Date: Sun, 10 Dec 2000 22:46:14 -0600
Hm, a few hours ago someone sent me what appears to be a trojan. All e-mail headers were blank; the original from line was "Received: from gandalf (dialup-28186.dialup.ptt.ru [195.34.28.186])". It was a MIME message with a "GOEJNAGO.EXE", 20340 bytes, md5sum of 958aaf80d038e88448f5a9b162d40d5f. A quick strings didn't show anything and some web searching revealed nothing as well. As I don't have a windows machine I can't do much in the way of analysis. If anyone knows what this is or wants a copy, drop me a line.
Current thread:
- possible new trojan Peter Harkins (Dec 12)
- Re: possible new trojan Jay D. Dyson (Dec 13)
- <Possible follow-ups>
- Re: possible new trojan Peter (Dec 13)