-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry to say, it's now hit MidWest US mainland as of 5:54am CST. Our e-mail filters completely filter our .vbs attachments so this one never stood a chance....great work by black-hand for presenting the decode and source! Good luck, Ralph M. Los Sr. Internet Systems & Security Admin. (312) 827-3945 (direct) EnvestNet Advisory Corp. (312) 296-9003 (wireless) rlosat_private - -----Original Message----- From: Kris Boulez [mailto:krbouat_private] Sent: Wednesday, May 09, 2001 1:32 AM To: INCIDENTSat_private Subject: Re: homepage worm Quoting black-hand (blackat_private): > Hi, > > There is a new VBS worm doing its rounds down here in Australia at > the moment, a lot of virus scanners arnt picking it up. Its not a > malicious payload, but still.. > > ive put up the email, attachment and payload info here: > > http://black.wiretapped.net/homepagevirus.asp > > to bypass virus scanners, it does a simple decypher then execute > It's also running around in Europe. Description of this one can be found at http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_HOM EPAGE.A Kris, -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOvlqGnM6eMaR3AeZEQJ23gCgk+Z3hM0U3DWHG6nqGipC5i/r9rcAnjuB 2ZXFNyCvSby29eyDOzltGG+F =AKNE -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 19:13:54 PDT