FW: Warning to Bugtraq posters.

I.Ioannou roryt at hol.gr
Thu Dec 23 23:53:11 EET 1999


Since the same thing has also shown up on linux-greek-users (I received something
like this myself), I am forwarding it to you. Of course, we work with Linux ( :-) ) so
in theory there is no problem, but ....

-----FW: <000601bf4c9c$6f0bd9c0$0100007f at localhost.cell2000.net>-----
From: Steven Alexander <steve at cell2000.net>
To: BUGTRAQ at SECURITYFOCUS.COM
Subject: Warning to Bugtraq posters.

After my last post to bugtraq (Re: w00w00....) I received a message
purporting to be from myself with the same subject line.  The message
contained an attachment program named goal.exe.  It claimed that this
program was from messagemates.com.  If the program is run it will give an
error message about an unfound .DLL.  It will also create a new goal.exe in
"C:\WINNT\" and an entry in the registry named "tpawen" with the value
"C:\WINNT\goal.exe /x" under
"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run".  I don't
know what this program is; I am disassembling it now and will post again
later.  The header from the message I received indicates that the mail was
received by my mail server from "stu.chesapeake.net, 205.130.220.9".  If
anyone knows anything more please email me.

-steven alexander


It appears that the file I received installs a new goal.exe in C:\Winnt
which is set to run on startup.  Disassembly of the file reveals that it
gathers information about my machine from the registry and attempts to
recover my netscape password from prefs.js.  It then emails the information
to mike at aol.com.  I will post a disassembly of both files on my website
http://www.cell2000.net/security/

-steven alexander

--------------End of forwarded message-------------------------

I.Ioannou <roryt at hol.gr>
--
====================================================================
For help (or to unsubscribe) e-mail majordomo at hellug.gr
The list archives are at http://lists.hellug.gr/lgu.html
Before sending a question, check whether it has already been answered.
For any problem, send e-mail to owner-linux-greek-users at hellug.gr
====================================================================
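The persistence indicators in the forwarded report (a "tpawen" value under the HKLM Run key pointing at C:\WINNT\goal.exe /x) are the kind of thing you would want to sweep a fleet of NT boxes for. Below is an added example, not code from the original post or from Steven Alexander's analysis: a small Python checker that parses the text produced by a `reg export` of the Run key and flags entries matching those indicators. The .reg text it runs on is constructed sample data, and the extra heuristic that flags any bare executable in the WINNT root is my own assumption, not something the report states; it can false-positive on legitimate binaries living there.

```python
"""Sweep a .reg export of the HKLM Run key for the goal.exe persistence entry.

Added example: the indicators (value name "tpawen", image C:\\WINNT\\goal.exe,
argument /x) come from the forwarded Bugtraq report; everything else is mine.
"""
import re

# Constructed sample of what `reg export` of the Run key might look like on an
# affected NT box.  This is made-up data, not a capture from a real machine.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"tpawen"="C:\\WINNT\\goal.exe /x"
"Synchronization Manager"="mobsync.exe /logon"
'''

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Indicators taken from the report (compared case-insensitively).
IOC_VALUE_NAME = "tpawen"
IOC_IMAGE_PATH = r"c:\winnt\goal.exe"


def reg_unescape(s):
    """Undo .reg escaping: \\" -> " and \\\\ -> \\ (in that order)."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for REG_SZ values in a .reg text.

    Only "name"="data" lines are handled; the default value (@=) and binary/
    DWORD values are ignored because the Run key only holds strings.
    """
    value_re = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = value_re.match(line)
        if m and current is not None:
            keys[current][reg_unescape(m.group(1))] = reg_unescape(m.group(2))
    return keys


def split_command(data):
    """Split a Run value into (image_path, args); handles a quoted image path."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end], data[end + 1:].strip()
    parts = data.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def find_suspicious_run_entries(reg_text):
    """Return [(value_name, image_path, args, reasons)] for Run entries that
    match the report's indicators (or, as an assumed heuristic, any bare .exe
    sitting directly in C:\\WINNT)."""
    hits = []
    for key_path, values in parse_reg_export(reg_text).items():
        if key_path.lower() != RUN_KEY.lower():
            continue
        for name, data in values.items():
            image, args = split_command(data)
            reasons = []
            if name.lower() == IOC_VALUE_NAME:
                reasons.append("value name 'tpawen' from the Bugtraq report")
            if image.lower() == IOC_IMAGE_PATH:
                reasons.append("image is C:\\WINNT\\goal.exe as in the report")
            # Assumption, not from the report: a .exe dropped straight into the
            # system root rather than system32 is unusual enough to review.
            if re.fullmatch(r"c:\\winnt\\[^\\]+\.exe", image.lower()):
                reasons.append("bare executable in the C:\\WINNT root")
            if reasons:
                hits.append((name, image, args, reasons))
    return hits


if __name__ == "__main__":
    for name, image, args, reasons in find_suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"{name!r} -> {image} {args}: {'; '.join(reasons)}")
```

To use it on a real box, export the key with `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` (or save it from regedit) and feed the file's text to `find_suspicious_run_entries`; the Run key under HKEY_CURRENT_USER is worth the same check, since the report only looked at HKLM.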