Author Topic: education  (Read 4097 times)

0 Members and 1 Guest are viewing this topic.

April 20, 2009, 08:00:23 am
Read 4097 times


  • Special Access
  • Full Member

  • Offline
  • *

  • 54
It is okay to post http://... here because we know what we are doing and they aren't hot links.  But something like this:

IS HOT (I prepended a "hxxp://" to set a good example).  It will give people a VisualBasic Trojan mini-downloader.  So please educate people to replace the "http://" with "hxxp://" or prepend a "hxxp://" to hosts with the just the host name to deaden the link if the links are hot.  I guess it could have been worse in the past but:

If I had Authentium, ClamAV, eSafe, F-Prot, or Rising I would still be in trouble!  The embedded host is  I don't know the rest of the URL.  It responds to an ICMP ping but there seems to be no index.html, at least on port 80.  You will have to disect the file to see what it does with that partial URL:

It is still downloadable - name NovoDocumento1.exe. Long time for me not writing.  Hope to be back soon with goodies.  But beware of Greeks bearing gifts.  Some girls compared me with the Greek God Apollo when I was younger.  I feel more like Sisyphus now ...