[Full-Disclosure] (no subject)
Michael Erdely
mike at erdelynet.com
Mon Aug 9 21:07:02 BST 2004
ClamAV calls it Trojan.JS.Runme. My update for it came at 3 PM EDT today.
From ClamAV Update list:
Submission: 5025-web, 5026-web, 5027-web, 5028-web, 5029-web, 5030-web,
5043-web, 5044-web,
5045-web, 5046-web, 5047-web, 5048-web
Sender: James Stevens, Bill Landry, Henning Spjelkavik, Melanie
Dussiaume, Roman Scheucher, Gunter
Mintzel, Mike Watterson, Martin, Rob Kudyba, wojciech myszka, Philip
Corliss, Kevin Way
Virus: unknown, JS/IllWill (McAfee), JS.Dword.dropper (Bitdefender),
JScript/IE.VM.Exploit (Inoculate)
Alias: TR/RunMe.Dldr.1 (Hbedv)
Added: Trojan.JS.RunMe
Added: Trojan.RunMe
Note: The name may change.
Note: There are more submissions with this; at the moment I'm publishing
just some of them.
-Mike
Jonathan Grotegut wrote:
> (In regards to new_price.zip file attachment)
>
> Anyone have any idea what this is, we had some clients just get pretty
> hard with this email. I am unable to find anything on it, from my VERY
> Limited knowledge it appears to be a virus exploiting one of the many
> holes in IE. Anyone else see anything on this yet?
>
> Jonathan Grotegut
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.