Re: Careful, you.re being watched.
Report comes back that this is hosted from Taipei, Taiwan.
Comes back negative for viruses, scanned against 13 popular virus
scanners. Time to run it in a VM and capture the activity, if it even
executes...
Steve
Kyle Williams wrote:
> I just found this myself and am digging into it now... needless to say,
> this is not Tor.
>
>
> On 9/6/07, loki der quaeler <loki-lists@xxxxxxxxxxxxxxx> wrote:
>>
>> new trojan mask variant: (105% evil)
>>
>> Begin forwarded message:
>>
>>> Return-Path: <prasad.bolar@xxxxxxxxxxxx>
>>> Delivered-To: 7-loki-lists@xxxxxxxxxxxxxxx
>>> Received: (qmail 18515 invoked from network); 6 Sep 2007 05:49:08
>>> -0700
>>> Received: from 103-134-124-91.pool.ukrtel.net (91.124.134.103)
>>> by www.weltschmerz.org with SMTP; 6 Sep 2007 05:49:08 -0700
>>> Received: from zbcdphd by 103-134-124-91.pool.ukrtel.net with local
>>> (Exim 4.66 (FreeBSD))
>>> id 1ITH-000LCI-41
>>> for loki-lists@xxxxxxxxxxxxxxx; Thu, 6 Sep 2007 15:48:54 +0300
>>> To: <loki-lists@xxxxxxxxxxxxxxx>
>>> Subject: Careful, you.re being watched.
>>> From: <prasad.bolar@xxxxxxxxxxxx>
>>> Content-Type: text/html;charset=iso-8859-1
>>> Content-Transfer-Encoding: 7BIT
>>> Message-Id: <1ITH-000LCI-41@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>> Sender: User zbcdphd <zbcdphd@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>> Date: Thu, 6 Sep 2007 15:48:54 +0300
>>>
>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>>> <html>
>>> <body>
>>> Everyone who is doing file trading is at risk. Read the news on
>>> RIAA and what they are doing to everyone they find. Your privacy
>>> can be safe again with our new technology. Save yourself from an
>>> attack and use this free software now. <a href="http://
>>> 61.228.78.61/">Download Tor</a>
>>> </body>
>>> </html>
>>>
>>
>