OSEC

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: Mon Sep 23 2002 - 12:32:25 CDT

    Michael Thompson <mikethompsonmike.co.uk> wrote:

    > lsass.exe is the Microsoft Secure Storage for 2000/NT and XP. It is
    > responsible for managing secure storage in those environments.

    Even when it is being scripted via an old IIS exploit to be copied
    around the Internet?

    Even when it is only about 9KB and the one in Win2K SP3 is 33,552
    bytes?

    Come on -- a rudimentary analysis of the situation without even
    seeing the file suggests that is not the case _here_.

    Then, when you look at the file that is being rcp-ed around, the
    first thing you notice is that it is UPX packed -- again, something
    MS is not renowned for doing to its core OS components but something
    commonly done to obfuscate malware from casual analysis...

    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3529854
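
Added example, not part of the original post: the two checks the reply describes (file size against the 33,552-byte Win2K SP3 figure, and UPX packing) written as a small Python triage routine. The function names and the sample image are constructed for illustration, and UPX is recognised here only by its default section names (UPX0, UPX1), which is an assumption about the packer's default output.

```python
import struct

# Size of the genuine Win2K SP3 lsass.exe as stated in the post above.
WIN2K_SP3_LSASS_SIZE = 33552

def pe_section_names(data):
    """Return the PE section names, or raise ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # first section header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i                         # 40-byte section headers
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("latin-1"))
    return names

def triage(data, expected_size=WIN2K_SP3_LSASS_SIZE):
    """Return a list of findings that argue against a genuine system binary."""
    findings = []
    if len(data) != expected_size:
        findings.append("size %d != expected %d" % (len(data), expected_size))
    try:
        names = pe_section_names(data)
    except ValueError as exc:
        return findings + ["not a valid PE image: %s" % exc]
    packed = [n for n in names if n.upper().startswith("UPX")]
    if packed:
        findings.append("UPX section names: " + ", ".join(packed))
    return findings

def sample_pe(section_names, total_size):
    """Constructed input: PE headers only, zero-padded to total_size bytes."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sects = b"".join(n.encode().ljust(40, b"\0") for n in section_names)
    return (bytes(dos) + b"PE\0\0" + coff + sects).ljust(total_size, b"\0")

if __name__ == "__main__":
    print(triage(sample_pe(["UPX0", "UPX1", ".rsrc"], 9216)))
```

An empty result only means neither check fired: the expected size differs per OS build and service pack, and section names can be changed after packing.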
    

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For more
    information on this free incident handling, management and tracking system
    please see: http://aris.securityfocus.com