[Full-Disclosure] Another noxious M$ trojan

[Nick FitzGerald]

"Gregory A. Gilliss" <ggilliss at netpublishing.com> wrote:

> For all who were interested in reviewing the suspect binaries, I have 
> posted them on my Web site:

Not at all smart -- this is self-replicating code which poses certain 
complexly more interesting ethical issues than simple vulnerability 
exploit PoC code...

Anyway, despite the different .ZIP sizes (8 bytes being twice the four-
character difference in length of filename...) the .EXEs are identical 
(as can be seen by the identical CRC-32 with unzip -v ...) and both 
straight samples of Swen.A...


Regards,

Nick FitzGerald