|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] anyone seen this worm/trojan before?
From: Axel Pettinger (api
epost.de)
Date: Thu Jun 03 2004 - 17:08:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Perrymon, Josh L." wrote:
>
> I found this worm/ trojan on a laptop. Ran FPort and found the .exe.
> Doesn't look like it propagates to other machines but rather communicates
> with a compromised
> web companies server using IRC. The compromised server has removed the IRC
> service. Only sends RST packets back.
>
<snip>
> I would like to know the attack vectors. I'm guessing LSASS.
AntiVirus scanners identify our trojan as:
BitDefender : Backdoor.SDBot.Gen
Kaspersky : Backdoor.Rbot.gen
McAfee : W32/Sdbot.worm.gen.g
Symantec : W32.Spybot.Worm
Trend Micro : WORM_SPYBOT.AP
From a quick look at the file I'd say the following is the best
description of that trojan. There're several attack vectors ...
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.AP&VSect=T
Regards,
Axel Pettinger
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]