[ale] Need a simple perl (etc.) program, but I don't speak perl

Greg Freemyer greg.freemyer at gmail.com
Thu Jun 3 13:17:41 EDT 2010


All,

I ended up just writing a C program.  So the project's done for now.

Definitely looks like malware and is likely how the intrusion got in
in the first place.

Greg

On Thu, Jun 3, 2010 at 12:29 PM, Paul Cartwright <ale at pcartwright.com> wrote:
> On Thu June 3 2010, James Sumners wrote:
>> Just paste the text into the field at
>> http://ostermiller.org/calc/encode.html and click "Hex Decode". You'll
>> quickly see what this thing does.
>
> URLDownloadToFileA pdfupd.exe crash.php
> http://vvven.in/x/exe.php?x=midi&src=boss&id=bomba
>
> that's what I got..
> but I also got:
> Iceweasel can't find the server at www.vvven.in.
> --
> Paul Cartwright
> Registered Linux user # 367800
> Registered Ubuntu User #12459
> http://usdebtclock.org/



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
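
The hex-decode step James suggests, followed by a strings-style pass over the result, as an added example that is not Greg's C program or anything posted in the thread. The function names, the embedded sample, its file name and its `example.invalid` URL are constructed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample, not the blob from the thread: placeholder name and URL. */
static const char SAMPLE[] =
    "90 90 eb 10 55524c446f776e6c6f6164546f46696c6541 00 "
    "%73%61%6d%70%6c%65%2e%65%78%65 00 ff "
    "687474703a2f2f6578616d706c652e696e76616c69642f78 00";

/* Decode hex digit pairs, skipping anything else (spaces, '%', "\x", commas). */
size_t hex_decode(const char *in, unsigned char *out, size_t cap) {
    size_t n = 0;
    for (; *in && n < cap; in++)
        if (isxdigit((unsigned char)in[0]) && isxdigit((unsigned char)in[1])) {
            char pair[3] = { in[0], in[1], '\0' };
            out[n++] = (unsigned char)strtol(pair, NULL, 16);
            in++;  /* second digit; the loop increment steps past it */
        }
    return n;
}

/* Copy each run of >= min printable ASCII bytes into out, one per line,
   NUL-terminated (cap must be >= 1). Returns the number of runs copied. */
int printable_runs(const unsigned char *buf, size_t len, size_t min,
                   char *out, size_t cap) {
    int runs = 0;
    size_t start = 0, used = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && buf[i] >= 0x20 && buf[i] <= 0x7e) continue;
        size_t rl = i - start;  /* length of the run that just ended */
        if (rl >= min && used + rl + 2 <= cap) {
            memcpy(out + used, buf + start, rl);
            used += rl;
            out[used++] = '\n';
            runs++;
        }
        start = i + 1;
    }
    out[used] = '\0';
    return runs;
}

int main(void) {
    unsigned char bytes[256];
    char text[512];
    printable_runs(bytes, hex_decode(SAMPLE, bytes, sizeof bytes), 4, text, sizeof text);
    fputs(text, stdout);
}
```

The decoder handles plain byte-wise hex only; 16-bit `%u` escapes would need their own unpacking before the strings pass.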

