[Full-disclosure] Urgent Alert: Possible BlackWorm DDay February3rd (Snort signatures included)

Valdis.Kletnieks at vt.edu
Wed Jan 25 02:39:11 GMT 2006


On Tue, 24 Jan 2006 23:49:03 +0100, "ad at heapoverflow.com" said:
> and if the worm doesn't use any vulnerability, how come it has been so
> widely spread?

It doesn't exploit a *software* vuln, but a *wetware* one...

http://www.f-secure.com/v-descs/nyxem_e.shtml says:

The worm sends itself as an attachment in the infected e-mail. The e-mail subject can be one of the following:

The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Fw: Picturs
Fw: DSC-00465.jpg
Word file
eBook.pdf
the file
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos

The message body may be one of the following:

Note: forwarded message attached.
Hot XXX Yahoo Groups
F*ckin Kama Sutra pics
ready to be F*CKED ;)
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
Please see the file.
>> forwarded message
----- forwarded message -----
i just any one see my photos. It's Free :)

how are you?
i send the details.
OK ?
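
One way a mail filter could use the subject and body strings listed above, added here as an example and not part of the original post or of F-Secure's description. The function names `classify` and `build`, the severity labels, and the sample messages are assumptions constructed for illustration; the bare "Re:" and "Fw:" subjects are treated as weak because they match ordinary mail.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines and body phrases copied from the F-Secure text quoted above.
SUBJECTS = {s.lower() for s in (
    "The Best Videoclip Ever", "School girl fantasies gone bad", "A Great Video",
    "Fuckin Kama Sutra pics", "Arab sex DSC-00465.jpg", "give me a kiss",
    "*Hot Movie*", "Fw: Funny :)", "Fwd: Photo", "Fwd: image.jpg", "Fw: Sexy",
    "Fw: Picturs", "Fw: DSC-00465.jpg", "Word file", "eBook.pdf", "the file",
    "Part 1 of 6 Video clipe", "You Must View This Videoclip!",
    "Miss Lebanon 2006", "Re: Sex Video", "My photos")}
WEAK_SUBJECTS = {"re:", "fw:"}  # also listed, but far too common to alert on alone
BODIES = [b.lower() for b in (
    "forwarded message attached.", "Hot XXX Yahoo Groups", "F*ckin Kama Sutra pics",
    "ready to be F*CKED ;)", "VIDEOS! FREE! (US$ 0,00)", "Please see the file.",
    ">> forwarded message", "----- forwarded message -----",
    "i just any one see my photos. It's Free :)", "i send the details.")]

def classify(raw: str) -> str:
    """Return 'high', 'medium' or 'none' for one RFC 5322 message (assumed labels)."""
    msg = message_from_string(raw, policy=policy.default)
    # The worm travels as an attachment, so mail without one is out of scope.
    if not any(True for _ in msg.iter_attachments()):
        return "none"
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    body_hit = any(b in body for b in BODIES)
    if subject in SUBJECTS:
        return "high" if body_hit else "medium"
    if subject in WEAK_SUBJECTS and body_hit:
        return "medium"
    return "none"

def build(subject: str, body: str, attach: bool) -> str:
    """Constructed sample message for exercising classify()."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attach:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return m.as_string()

if __name__ == "__main__":
    print(classify(build("Fw: Picturs", "Please see the file.\n", True)))
```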



Full-Disclosure is hosted and sponsored by Secunia.