Re: [Full-Disclosure] win2kup2date.exe ?
From: Barry Fitzgerald (bkfsecsdf.lonestar.org)
Date: Thu Sep 02 2004 - 12:46:40 CDT
Do you still have a copy of the file? Have you sent it to the antivirus
companies for analysis?
Can you repeat the experiment with a patched box and replicate the results?
If so, that could be bad. It could just be a reworked exploit, though
-- or perhaps there's a bug in the buffer overflow blocking code?
>Anyone heard about a file called "win2kup2date.exe" ?
>(Google says nothing found..;)
>I did a controlled test with an XP Pro box w/o patches on Inet
>and this little thingy came on my testbox through some sort of RPC exploit,
>tftp'ed down this file from connecting machine, started with SYSTEM,
>and tries to connect up to IRC.
>McAfee Virusscan Enterprise v8.0i with latest DATs didn't find
>anything strange with this file..
>That was actually my test, v8.0 of McAfee virusscan has a feature of
>"buffer overflow protection", it stopped the well-known public RPC/DCOM
>exploit, but not the exploit that put "win2kup2date.exe" on my testbox.
>Well, so much for the new "buffer overflow protection" feature.. crap.. ;)
>Have a nice day
>Full-Disclosure - We believe in it.