Date : Thu, 10 Jan 2008 15:30:45 -0000
From : profpep@... (Mike)
Subject: DancinBeeb demo
> Sophos antivirus says this is infected with what it calls "Mal/Generic-A".
> I suspect that this means it finds it generally suspicious in some way
> rather than containing a specific recognised virus.
>
> Dumping the strings in dancinbeeb.exe reveals (amongst others) the
> following:
>
> http://www.jbls08130.pwp.blueyonder.co.uk/bbcmicro/ActiveX/
>
> and
>
> http://www.jbls08130.pwp.blueyonder.co.uk/bbcmicro/beeb/
>
> Both of those URLs return 404 page not found errors.
>
> I don't know enough about Windows/PCs to know if any of the other strings
> found are suspicious or not.
>
Having done a bit more checking, the Tegosoft downloader is a DirectSound
ActiveX. ISZ says its risk is 'in review'; I've not found any malware
reports on it.
The strings seem to be website addresses for the guy who wrote the program
long ago, Jason Bennison. There is a contact form tag of sorts on the page,
showing a Hotmail address for him.
||\/||ike