[Full-Disclosure] Virus Thread Netsky.D and Quick analysis
From: Helmut Hauser (helmut_hauser hotmail.com)
Date: Mon Mar 01 2004 - 08:10:41 CST
Netsky.D is rapidly spreading ...
Quick analysis:
Packed with the Petite exe Packer V2.2
Tries to infect the following drives and/or network shares:
z: y: x: w: v: u: t: s: r: q: p: o: n: m: l: k: j: i: h:
g: f: e: d: c:
Has the following IP addresses built in:
Interesting string: be aware! Skynet.cz - -->AntiHacker Crew<--
Installs itself at
CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
SOFTWARE\Microsoft\Windows\CurrentVersion\Run -stealth winlogon.exe
System\CurrentControlSet\Services\WksPatch
Software\Microsoft\Windows\CurrentVersion\Explorer\PINF Sentry OLE service
au.exe d3dupdate.exe
Was signed by skoorpio yahoo.com
Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123
http://www.intraplan.de
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
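
A defender-side check built from the strings in the post above, as an added example that is not part of the original message: it scans a registry export for Run values whose command contains both `winlogon.exe` and `-stealth`. That the two strings appear together in one Run value is an assumption; the sample export, its value names and its paths are constructed.

```python
import re

# Strings quoted in the post; treating them as one Run command line is an assumption.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
MARKERS = ("winlogon.exe", "-stealth")

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')

# Constructed sample in .reg export syntax (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"ConstructedEntry"="C:\\WINDOWS\\winlogon.exe -stealth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Other"="C:\\WINDOWS\\winlogon.exe -stealth"
'''

def unescape(data):
    """Decode a quoted REG_SZ value from a .reg export (backslash escapes removed)."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data  # dword: and hex: values are returned unchanged

def suspicious_run_entries(reg_text):
    """Return (key, value name, command) for Run values carrying both markers."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        # Only the ...\Run key itself, not RunOnce or unrelated keys.
        if not key.lower().endswith("\\" + RUN_KEY):
            continue
        command = unescape(m.group("data"))
        if all(marker in command.lower() for marker in MARKERS):
            hits.append((key, m.group("name") or "(Default)", command))
    return hits

if __name__ == "__main__":
    for key, name, command in suspicious_run_entries(SAMPLE):
        print(f"{key} :: {name} = {command}")
```

Files exported by regedit are normally UTF-16, so decode them to text before passing them to `suspicious_run_entries`.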