Discussion in 'malware problems & news' started by Malcontent, Dec 24, 2007.
I suppose you are a famous (or rather, infamous) Tuscan?
Are you from Tuscany? My grandfather was born in Carrara.
I'm from Umbria, next to Tuscany
EraserHw lives in Perugia (Umbria)
Looks like another variant released on the uhavexxxxxx.com link.
I have sent it to KAV, Dr Web and F-secure and posted it at http://www.castlecops.com/t211403-Another_Happy_2008_exe_with_poor_detection.html
Yes it is
Are people still foolish enough to download exe's from email and run stuff like striplights?
Yes, people don't change
Level of caution and consideration is automatically lowered when people receive malware from a friend or other known contact. Perhaps they think it's some funny joke sent by a friend or so .. and the result is a network of dumb&infected people. Worst case is to receive this kind of virus from a person that is "generally known" as an expert with computers or computer security. Receiver will simply not understand to suspect anything if it's sent from his close friend who always preaches about security.
Solution: don't be an expert with computer security and do not get any friends. If you simply have to make friends, avoid especially those that know about security.
I would. LOL
The moral of this story is to always think with your brain, not with the...uh...other organ
I don't, even though my system could deal with it. I've just discovered that using Gmail you are not allowed to send exe attachments, and you won't receive any either.
Prevx have been keeping their eye on it.
Also F-Secure too.
As best as possible, all the off-topic discussion concerning another malware outbreak has been moved to the below thread.
Most recent Cutwail/Bulknet malware discussion
Let's do attempt to keep the thread topic based on the title, please, and ask that members do consider their post contents in the future so unnecessary splitting of off-topic conversations is required.
I have tested 2 Storm worm variants, and it's the same old stuff, nothing scary about them, both try to load drivers. And as everyone (or most) of us know, you should only give your 100% trusted tools the ability to load a driver, or to perform other high risk stuff.
I noticed the TF screenshot (post #2), but what happens if you allow the executable to be copied to the "sensitive area"?
Storm switches tactics third time, adds rootkit
The difficulty in taking down the domain:
(continues on next page)
They are getting lazy. I'm not seeing any major change of the sample for 2 days.
This could mean two things:
- They are satisfied with how many people they forced to join their botnet (also known as number of infections)
- Calm before the storm
My guess: Calm before the storm
I didn't have an SMS warning yet but expecting it soon.
I hate quoting myself, but someone from the underground maybe has read these words
I don't even open the spam-email itself, which means I don't even see the attachment.
Immediate DELETE without opening, that's all that spam-emails get from me.