Posted: 13 Oct 2006 14:30
offline
- Leggy
- The King
- Joined: 18 Dec 2003
- Posts: 7953
- Lives in: Graceland
Is this a hoax? Our admin told us that anyone who receives this mail with some zip attachment should delete it immediately. He sent it to Kaspersky. Inside the zip there is an exe, which he did not run.
Message body:
Dear Customer,
Thank you for ordering from our internet shop. If you paid with a credit
card, the charge on your statement will be from name of our shop.
This email is to confirm the receipt of your order. Please do not reply as
this email was sent from our automated confirmation system.
Date : 08 Oct 2006 - 12:40
Order ID : 37679041
Payment by Credit card
Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99
Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87
Your Order Summary located in the attachment file ( self-extracting archive
with "37679041.pdf" file ).
PDF (Portable Document Format) files are created by Adobe Acrobat software
and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may
download it for free from Adobe's Web site.
We will ship your order from the warehouse nearest to you that has your
items in stock (NY, TN, UT & CA). We strive to ship all orders the same day,
but please allow 24hrs for processing.
You will receive another email with tracking information soon.
We hope you enjoy your order! Thank you for shopping with us!
Posted: 13 Oct 2006 14:48
offline
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Lives in: Wien
Not a hoax, phishing.
Can you forward me a copy of the ZIP to bobby[_at_]mycity.rs?
Posted: 13 Oct 2006 15:46
offline
- Leggy
- The King
- Joined: 18 Dec 2003
- Posts: 7953
- Lives in: Graceland
Sent it. Let me know when you have received it.
The first time I sent it as a zip, it did not go through.
Posted: 13 Oct 2006 15:54
offline
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Lives in: Wien
Received, I am examining it.
I will report the results within half an hour at most.
Posted: 13 Oct 2006 15:56
offline
- Leggy
- The King
- Joined: 18 Dec 2003
- Posts: 7953
- Lives in: Graceland
When I sent it the first time, before I packed it in a rar, it reported this:
Dieser Email Scanner unterbrach die Versendung der Nachricht an den Empfaenger.
Der virus scheint folgenden Typs zu sein:
Trojan.Downloader.Small-2854
Posted: 13 Oct 2006 16:02
offline
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Lives in: Wien
Here is what it does:
It drops hide_evr2.sys into %WINDIR%. This is a rootkit.
It drops an EXE file into %WINDIR%. If I understood it correctly, this file can have different names. On my machine it was 7 letters + the EXE extension.
It creates a batch file in %SYSTEM% whose job is to delete the file you sent me.
Update: 13 Oct 2006 16:02
Leggy :: When I sent it the first time, before I packed it in a rar, it reported this:
Dieser Email Scanner unterbrach die Versendung der Nachricht an den Empfaenger.
Der virus scheint folgenden Typs zu sein:
Trojan.Downloader.Small-2854
That was ClamAV on the mail server detecting it.
Posted: 13 Oct 2006 16:36
offline
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Lives in: Wien
Yes, a virtual machine + a program I wrote for watching changes on the disk. I found the rootkit when I shut down the VM and mounted the virtual HD on the real system, then looked at which files were new using the InCtrl5 program.
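The offline before/after comparison bobby describes (list the powered-off guest disk, let the sample run, mount the disk again and compare) as an added Python example; this is neither bobby's own tool nor InCtrl5, and the system-directory list, the dropped EXE and batch file names, and the temporary directory standing in for the mounted disk are assumptions.

```python
import hashlib
import os
import tempfile

# Assumed Windows system dirs on the mounted guest disk; only used to rank findings.
SYSTEM_DIRS = ("windows", "windows/system32", "winnt", "winnt/system32")
SUSPECT_EXT = (".sys", ".exe", ".bat", ".dll")

def snapshot(root):
    """Map each regular file under root (relative, '/'-separated, lower-case) to (size, sha256)."""
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):  # ignore planted links
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            with open(full, "rb") as f:
                listing[rel] = (os.path.getsize(full), hashlib.sha256(f.read()).hexdigest())
    return listing

def diff_snapshots(before, after):
    """The guest is powered off, so a rootkit hiding files from the live OS cannot hide them here."""
    both = set(before) & set(after)
    return {"added": sorted(set(after) - set(before)),
            "removed": sorted(set(before) - set(after)),
            "modified": sorted(p for p in both if before[p] != after[p])}

def rank_findings(changes):
    """Flag new or changed drivers, EXEs and scripts in system dirs (the pattern bobby found)."""
    return [p for p in changes["added"] + changes["modified"]
            if p.rsplit("/", 1)[0] in SYSTEM_DIRS and p.endswith(SUSPECT_EXT)]

def _put(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)

def run_demo():
    """Constructed stand-in for the mounted guest disk: baseline, then the drops the thread describes."""
    root = tempfile.mkdtemp()
    _put(root, "Windows/notepad.exe", b"clean")
    before = snapshot(root)
    _put(root, "Windows/hide_evr2.sys", b"driver")        # file name from the thread
    _put(root, "Windows/abcdefg.exe", b"dropped")         # hypothetical 7-letter name
    _put(root, "Windows/System32/cleanup.bat", b"del x")  # hypothetical name
    _put(root, "Windows/notepad.exe", b"patched")         # an existing file modified
    changes = diff_snapshots(before, snapshot(root))
    return changes, rank_findings(changes)
```

On a real case, `snapshot()` is run against the mount point of the guest disk before and after the sample executes, and the two listings are saved and diffed the same way.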
Posted: 13 Oct 2006 19:50
offline
- Peca
- Chief Administrator
- Predrag Damnjanović
- SysAdmin and programmer
- Joined: 17 Apr 2003
- Posts: 23211
- Lives in: Niš
Bobby, I was just about to write this: we have ClamAV on the server, which filters mail...
Keep that in mind the next time someone sends you viruses by mail.
Posted: 13 Oct 2006 20:28
offline
- Leggy
- The King
- Joined: 18 Dec 2003
- Posts: 7953
- Lives in: Graceland
I sent it to him by packing the zip inside a rar.
Just so you know.