Careful, you.re being watched.

Arrakis arrakistor at gmail.com
Thu Sep 6 14:01:51 UTC 2007


Report comes back that this is hosted from Taipei, Taiwan.

Comes back negative for viruses, scanned against 13 popular virus
scanners. Time to run it in a VM and capture the activity, if it even
executes...

Steve

Kyle Williams wrote:
> I just found this myself and am digging into it now.....needless to say,
> this is not Tor.
> 
> 
> On 9/6/07, loki der quaeler <loki-lists at weltschmerz.org> wrote:
>>
>> new trojan mask variant: (105% evil)
>>
>> Begin forwarded message:
>>
>>> Return-Path: <prasad.bolar at dnaindia.net>
>>> Delivered-To: 7-loki-lists at weltschmerz.org
>>> Received: (qmail 18515 invoked from network); 6 Sep 2007 05:49:08
>>> -0700
>>> Received: from 103-134-124-91.pool.ukrtel.net (91.124.134.103)
>>>   by www.weltschmerz.org with SMTP; 6 Sep 2007 05:49:08 -0700
>>> Received: from zbcdphd by 103-134-124-91.pool.ukrtel.net with local
>>> (Exim 4.66 (FreeBSD))
>>>         id 1ITH-000LCI-41
>>>         for loki-lists at weltschmerz.org; Thu, 6 Sep 2007 15:48:54 +0300
>>> To: <loki-lists at weltschmerz.org>
>>> Subject: Careful, you.re being watched.
>>> From: <prasad.bolar at dnaindia.net>
>>> Content-Type: text/html;charset=iso-8859-1
>>> Content-Transfer-Encoding: 7BIT
>>> Message-Id: <1ITH-000LCI-41 at 103-134-124-91.pool.ukrtel.net>
>>> Sender: User zbcdphd <zbcdphd at 103-134-124-91.pool.ukrtel.net>
>>> Date: Thu, 6 Sep 2007 15:48:54 +0300
>>>
>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>>> <html>
>>> <body>
>>> Everyone who is doing file trading is at risk. Read the news on
>>> RIAA and what they are doing to everyone they find. Your privacy
>>> can be safe again with our new technology. Save yourself from an
>>> attack and use this free software now. <a href="http://
>>> 61.228.78.61/">Download Tor</a>
>>> </body>
>>> </html>
>>>
>>
> 
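Two indicators visible in the forwarded message above are a delivering relay whose hostname embeds its own IP address, and a link labelled "Download Tor" whose target is a bare IP address. The following checks for both; it is an added example, not part of the original thread. The sample message is constructed with placeholder hosts from documentation ranges, and `LinkCollector` and `lure_indicators` are hypothetical names.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the forwarded message; hosts and
# addresses are placeholders from documentation ranges.
SAMPLE = """\
Received: from 7-113-0-203.pool.isp.example (203.0.113.7)
  by mx.lists.example with SMTP; 6 Sep 2007 05:49:08 -0700
From: <someone@news.example>

<html><body>Use this free software now. <a href="http://
198.51.100.61/">Download Tor</a></body></html>
"""

class LinkCollector(HTMLParser):
    # Collects (href, anchor text) pairs from an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            # Line wrapping can split a URL, so drop whitespace inside it.
            self._href = re.sub(r"\s+", "", dict(attrs).get("href") or "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def lure_indicators(raw, names=("tor",)):
    """Return heuristic findings; these are scoring signals, not verdicts."""
    msg, findings = message_from_string(raw), []
    for hop in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)\s+\((\d+(?:\.\d+){3})\)", hop)
        # A relay name embedding its own IP octets suggests a dynamic pool host.
        if m and set(m.group(2).split(".")) <= set(re.findall(r"\d+", m.group(1))):
            findings.append("relay-name-embeds-ip:" + m.group(2))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        is_ipv4 = re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host)
        # Anchor text names a known project, but the target is an IPv4 literal.
        if is_ipv4 and any(n in re.findall(r"[a-z0-9]+", text.lower()) for n in names):
            findings.append("named-link-to-bare-ip:" + host)
    return findings
```
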


