
| Subject: | RE: [Full-disclosure] Can Someone Tell Me What This Is? |
|---|---|
| Date: | Sat, 28 Jan 2006 21:08:01 +0100 |
Hi,

Actually I have another question of a similar ballpark, so I can't really answer your question, but did a VirusTotal scan on it anyway (got the URL from a previous FD post) so as not to post "empty handed".

What I noted is this: I've been receiving emails on a few accounts ever since a couple of days. Their subject is Hey, somebody! -- where "somebody" is the user part of the email. But no virus, no attached files, no body, no content. The resemblance is only that, like in your case, this is an email that probably has a purpose that we don't know about :-)

An idea for my own case: somebody bought/made some forwards with many domains, and they check to see who responds to these, in order to make a nifty low bounce rate spam list. What do you think?

Domains that were specified for a "sender" in the emails: Workpermit.com, snowcrest.com, aada.com, novellus.com. All I could find in my trash so far :)

For your masturbation-capable virus:

This is a report processed by VirusTotal on 01/28/2006 at 20:56:23 (CET) after scanning the file "masttyc.exe" file.

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.33.0.81 | 01.28.2006 | no virus found |
| Avast | 4.6.695.0 | 01.27.2006 | no virus found |
| AVG | 718 | 01.27.2006 | no virus found |
| Avira | 6.33.0.81 | 01.27.2006 | no virus found |
| BitDefender | 7.2 | 01.28.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 01.27.2006 | no virus found |
| ClamAV | devel-20051123 | 01.28.2006 | no virus found |
| DrWeb | 4.33 | 01.28.2006 | no virus found |
| eTrust-InoculateIT | 23.71.62 | 01.28.2006 | no virus found |
| eTrust-Vet | 12.4.2058 | 01.27.2006 | no virus found |
| Ewido | 3.5 | 01.28.2006 | no virus found |
| Fortinet | 2.54.0.0 | 01.28.2006 | no virus found |
| F-Prot | 3.16c | 01.28.2006 | no virus found |
| Ikarus | 0.2.59.0 | 01.27.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 01.28.2006 | no virus found |
| McAfee | 4684 | 01.27.2006 | no virus found |
| NOD32v2 | 1.1385 | 01.28.2006 | no virus found |
| Norman | 5.70.10 | 01.27.2006 | no virus found |
| Panda | 9.0.0.4 | 01.28.2006 | no virus found |
| Sophos | 4.02.0 | 01.28.2006 | no virus found |
| Symantec | 8.0 | 01.28.2006 | no virus found |
| TheHacker | 5.9.3.082 | 01.27.2006 | no virus found |
| UNA | 1.83 | 01.27.2006 | no virus found |
| VBA32 | 3.10.5 | 01.28.2006 | no virus found |

Php0t

-----Original Message-----

From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of y0himba

Sent: Saturday, January 28, 2006 8:23 PM

To: full-disclosure@lists.grok.org.uk

Subject: [Full-disclosure] Can Someone Tell Me What This Is?

Hi.

Got this in an email, have no idea if it is just some stupid command line joke or if it does something I don't know about. Attached, .rar format, Win32 .exe inside. I have attached the source code. Subject line, "Masturbation Tycoon". I am not a programmer at all, but there seems to be nothing suspicious in the source code either. Maybe I missed something in my newbness? Ran it in a sandbox, didn't seem to do anything odd. AVG, AntiVir and Bitdefender all say nothing about it. I am paranoid however.

Thanks for any input.