From: Sverre H. Huseby (shhTHATHOST.COM)
Date: Thu Jan 25 2001 - 12:32:33 CST

    [Dennis McHenry]

    | If it's a trojan, the author likes the long shots. First to find
    | a system that's vulnerable to whatever exploit they're using, then
    | to get it onto a system where Pipes is the active screensaver. I
    | don't know how it'd drop into the correct directory, either. It
    | didn't seem like they were trying to get it into the Windows
    | directory (where it's installed by default). Some virus, maybe?

    The attacker wouldn't need to put it in the right directory, or wait
    for the user to execute it. There's a NetBus command for executing
    programs (don't know if .scr files would be covered by that command).

    Unfortunately, since I don't know how to correctly reply to the
    UploadFileCommand, the connection is closed before we're able to see
    the next step of the attacker. I would guess an attempt to execute
    the file would be a natural next step, but then again, I'm guessing
    heavily here.

    Sverre.

    --
    <URL:mailto:shhthathost.com>
    <URL:http://shh.thathost.com/>