Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q1

Vuln-Dev Archives: Re: Netdetect.exe with backdoor? (ICQ)

Re: Netdetect.exe with backdoor? (ICQ)

Subject: Re: Netdetect.exe with backdoor? (ICQ)
From: Jon Hadley (jonhAPAK.CO.UK)
Date: Mon Jan 17 2000 - 07:28:38 CST

Next message: Sachs, Marcus: "Re: ICQ >= 99* + CC Data"
Previous message: K Martin: "Re: Secure coding in C (was Re: Administrivia #4883)"
Maybe in reply to: WolF Knox: "Netdetect.exe with backdoor? (ICQ)"
Next in thread: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
Maybe reply: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
Reply: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

AVP just gave me a post lunch break heart attack and reported the same
Trojan infection for my older build of ICQ (again only downloaded from
trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes the
connection monitoring activities of Ndetect as Trojan activity.

A quick search of various virus sites suggests that AVP is mistaking Ndetect
for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to notify the
originator that the victim is online.

> -----Original Message-----
> From: WolF Knox [SMTP:wolfbhBIGFOOT.COM]
> Sent: Saturday, January 15, 2000 5:55 PM
> To: VULN-DEVSECURITYFOCUS.COM
> Subject: Netdetect.exe with backdoor? (ICQ)
> Importance: High
>
> Hello everyone...
>
> I was doing a rotine virus scan with AVP...
> and he told me that Netdetect.exe was infected with the
> trojan Backdoor.IP_Protect .
>
> Well, i don't use to download programs like ICQ from any unsecure site.
> Just mirabilis.com, tucows.com, cnet.com, etc...
>
> What is that trojan? Anybody have a clue?
>
> P.S: I Use ICQ Version 99b Beta 3.19 Build #2569
>
> thanx,
> Wolf Knox.
> --
> .... UIN: 33778118 ....
> . . EMail: wolfbhbigfoot.com . .
> . . NICK: Wolf Knox . .
> ..... ..... "From ashes we rise, ..... .....
> ..... ..... to ashes we shall ..... .....
> .... Fall." ....
> []-----------Ex-Inferis----------[]
> [] S e c u r i t y s p h e r e []
> [] www.exinferis.cjb.net []
> []-----------Ex-Inferis----------[]
> ________________________________________________________________
> GET PAID U$1,00/Hour for doing absolutely ANYTHING on your
> computer, as long as you are using your mouse!!!
> http://www.getpaid4.com/cgi-bin/joinnow.cgi?wolfknox
> you already do it, why not GetPaid4 it?

Next message: Sachs, Marcus: "Re: ICQ >= 99* + CC Data"
Previous message: K Martin: "Re: Secure coding in C (was Re: Administrivia #4883)"
Maybe in reply to: WolF Knox: "Netdetect.exe with backdoor? (ICQ)"
Next in thread: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
Maybe reply: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
Reply: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 10:00:43 CST