Boost logo

Boost :

Subject: Re: [boost] [vault] Malware in the Boost Vault!
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2010-06-12 18:19:52


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/12/2010 06:08 PM, Chad Nelson wrote:
>> "Sexy Live.zip", uploaded to the Vault on March 31st by "gr7ne2009", is
>> apparently some kind of Trojan masquerading as a Windows screen saver,
>> according to various antivirus programs (checked with both
>> virusscan.jotti.org and www.virustotal.com). Who has access to remove it?
>
> s.php4 and r.php4 look very suspicious as well.

There are four other files uploaded by "gr7ne2009" that all look like
malware of some sort too, maybe the same as the first one I mentioned above.

c99.php4 doesn't look like malware, but it was uploaded by "bimokh", who
uploaded s.php4. A closer examination might be warranted.

Any way to auto-scan all the files there? Should I keep looking?
- --
Chad Nelson
Oak Circle Software, Inc.
*
*
*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwUCAgACgkQp9x9jeZ9/wQgCgCfchWAvAfqMtusKIYWhuVn4Yuv
o1gAn1wg3upbqDQHTTSarwlB5P3FBKn/
=18V8
-----END PGP SIGNATURE-----


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk