Re: [Dailydave] Times up!

dennisbacktrace.de
Date: Fri Oct 24 2008 - 08:46:55 CDT


Quoting Mike Johnson <mikeenoch.org>:

> Just to split hairs, Gimmiv is a trojan, not a worm. It's just a
> keylogger. It in and of itself does not spread. I have no idea why the
> Threatexpert blogger called it a worm, everyone else calls it a trojan.
> While I do not claim to be an expert, the samples I have seen with my
> own eyes are trojans and don't have the ability to spread.
>
> That said, it won't take much for someone to write self-replicating code
> exploiting this vulnerability.
>

It is a Trojan (a password stealer, downloader) which downloads an
additional (exploit) component named "basesvc.dll" as mentioned by
ThreatExpert on their blog. If you have a look at that file, it is
pretty evident that it might (I haven't gotten that far with my
analysis) exploit the vulnerability fixed with MS08-076 and thus may
be used to spread the password stealing Trojan.

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave