[nsp-sec] new storm worm campaign - april fool's day
John Fraizer
john at op-sec.us
Mon Mar 31 14:44:04 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ACK AS6981. Thumping *real* hard on our customer-facing folks since our entry has shown up very consistently since March 6th and I show no indication that they have
bothered to contact the customer. :(
John
Jose Nazario wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> same MO as before, with april fool's day campaign.
>
> funny.exe, kickme.exe and foolsday.exe
>
> same MD5 for all when fetched at the same time
>
> new peerlist, decoded and attached.
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> security researcher, office of the CTO, arbor networks
> v: (734) 821 1427 http://asert.arbornetworks.com/
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
iD8DBQFH8TD0+16lRpJszIgRAnbEAJ4ke6NzldjuaHIWfqpwimzyKV25cQCferLi
GEGELXUgGwkq5TOk0mrMriM=
=mjht
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list