hey soda..
there is a DRR Software company who have a DRR Basic. can't answer the VB6 calls
cheers
Hi Folks,
IT IS A VIRUS!!!
Well it is an attempt at one:
"PictureCrash.JPG is
Win32.Interlaced.10.B.Dropper"
I am afraid it did not survive the electrified fence, let alone get smothered in a sandpit or fall into the jaws of the rabid pack of script stranglers.................and the rest of the gang are still asleep in the bunker :D
The virus appears to be new, as the AV only spotted the dropper mechanism................as an aside, it did not let me download UPX (the actual packing tool) the other day, so I guess the AV is looking for "tools & mechanisms", as well as patterns and behaviour.
It is e-trust (Vet?) the mob that Microsoft bought.
I will now have to try to download it onto a labrat, as the ARV will obviously have nothing to do with it.
Nice One! very interesting...............but I am going to have more work to try to get it to infect ........I am thinking of loading a collection of picture viewers and editors onto the labrat?
Cheers for now
EDIT: I just had a quick scroll through the .txt version and saw this:
SOFTWARE\Borland\Delphi\RTL FPUMaskValue
I wondered why it seemed so bloated, and I do not see any evidence of an actual picture there, so I am suspecting a "social engineering" approach and a circumvention of the usual double extension "giveaway".......................but how to get it to run? that is the question.
So now we have the virus and we have some info about it and its a new type of virus attack. With this information in mind, how much at risk is the internet community?
Both are big problems, of course. But spyware has become way more popular than the old-fashioned virus. Viruses are effective, no doubt. When it comes to control and power like most hackers want, they turn to spyware and/or trojans.
I just wanted everyone to be aware that this was not bullshit. The original picture may not have been such a good choice, and I can always try to resend this, but again, my ISP is blocking certain things right now, and may have a problem doing so. Yes, the original malicious part of this is named DRR, but if you Google it as I have, all you get is the company. I have not found the program anywhere, and DRR company is not it. Yes, the binder prog was Interlaced 2, it allows you to bind a host file with a hidden file that is malicious. Sorry to Undertaker whose emails were blocked by my ISP.
I can't remember where I got the original DRR file from, but I did download it and have it saved on disc for future ref. The Interlaced 2 prog I also dl'ed and again, can't remember where from. I do know it wasn't from anywhere big like Sub7 or Hacktivismo, or CultDeadCow. If I remember, I will let the community know.
Hmmm,
I think that it is a virus or an attempt. I think that a part of it is VB and probably the core is Borland Delphi, not sure about the rest of it, as I am waiting to get my hands on it...........on the labrat.
What I do not see is how opening an image file (single extension) will actually launch the executable?
My particular query is that image files probably have the greatest variety of default launching programs, as you seem to get a fresh one with each digital cam, web cam, photo manipulation package etc?............?
Any thoughts?
Blah... Windows95, with regprot, and a few other programs monitoring startup methods... many are my own creation, it would be very hard disabling those. Ran it and took a look into it through a more NT based environment. Ran it... and under as many image viewers as I possibly could. Nada NOTHING... Took it apart with WDASM, you all can sort through it better with that. The only thing related to images and this file as far as I can tell is its own damn goofy icon. Sure it might be malware but from the looks of it it's just a *.exe renamed and given another file extension.
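A defender's check for what the post above concluded (an executable renamed with an image extension): this is an added example, not code from anyone in this thread, that compares a file's extension with its header bytes and also looks for the Delphi RTL registry string quoted earlier in the thread. The file names and byte buffers below are constructed for the demo, not taken from the real sample.

```python
import os
import struct

# Magic bytes expected for common image extensions (lookup table constructed here).
IMAGE_MAGICS = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}
# String seen in the sample's .txt dump; Delphi's runtime library reads this key.
DELPHI_RTL_KEY = b"SOFTWARE\\Borland\\Delphi\\RTL"

def is_pe(data: bytes) -> bool:
    """True if the buffer starts with a DOS 'MZ' stub whose e_lfanew offset points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_image_file(name: str, data: bytes) -> dict:
    """Compare what the extension claims with what the header actually shows."""
    ext = os.path.splitext(name)[1].lower()
    expected = IMAGE_MAGICS.get(ext, ())
    header_ok = any(data.startswith(magic) for magic in expected)
    pe = is_pe(data)
    if pe:
        verdict = "renamed-executable"
    elif header_ok:
        verdict = "image"
    else:
        verdict = "unknown-header"
    return {"verdict": verdict, "is_pe": pe, "delphi_rtl": DELPHI_RTL_KEY in data}

def build_fake_pe() -> bytes:
    """Constructed MZ/PE-shaped buffer for the demo; it is not a runnable program."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)         # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> offset 0x40
    body = b"PE\x00\x00" + b"\x00" * 20 + DELPHI_RTL_KEY + b"\x00"
    return bytes(dos) + body

if __name__ == "__main__":
    print(check_image_file("PictureCrash.JPG", build_fake_pe()))
    print(check_image_file("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
```

Run it against a quarantined directory on an isolated machine and anything reported as "renamed-executable" is exactly the trick described above: a PE that no image viewer will ever "open", but that the shell will happily execute if someone is talked into running it.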
i think spyware is more of a problem, virii can mess ur comp up, but just the idea of those spyware companies knowing my secret gay kiddie porn habits is frightening :eek:. j/k :D
Phonedog911
Quote:
"Well... what can you expect from a slave-banging, Hitler-loving, queer like Thomas Jefferson?"
errrr.................FIVE THOUSAND DOLLARS?
:cool:
Here it is ppl. Have at it. One thing:
OPEN AT YOUR OWN RISK. I ACCEPT NO LIABILITY