Vuln-Dev Archives: Re: Netdetect.exe with backdoor? (ICQ)

Subject: Re: Netdetect.exe with backdoor? (ICQ)
From: Jon Hadley (jonhAPAK.CO.UK)
Date: Mon Jan 17 2000 - 10:45:35 CST


Indeed it is .... AVP isn't my usual virus scanner, I ran an old copy over
lunch to verify the previous post.

On another note, the contents of my inbox swelled considerably after
posting, with various Xmas holiday out-of-office replies ... lucky for some
.. wot's wrong with sticking a rule in to ignore list posts? ;oÞ

> -----Original Message-----
> From: Vladimir Dubrovin [SMTP:vladsandy.ru]
> Sent: Monday, January 17, 2000 4:08 PM
> To: Jon Hadley
> Cc: VULN-DEVSECURITYFOCUS.COM
> Subject: Re[2]: Netdetect.exe with backdoor? (ICQ)
>
> Hello Jon Hadley,
>
> 17.01.00 16:28, you wrote: Netdetect.exe with backdoor? (ICQ);
>
> J> Hi,
>
> J> AVP just gave me a post lunch break heart attack and reported the same
> J> Trojan infection for my older build of ICQ (again only downloaded from
> J> trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes
> J> the
>
> This is a well-known problem in one of the old AVP virus bases releases, and
> this fact means you didn't update your bases for a few months. You
> are at high risk in this situation. Update bases from
> ftp://ftp.avp.ru/updates or ftp://ftp.avp.ru/bases
>
> J> connection monitoring activities of Ndetect as Trojan activity.
>
> J> A quick search of various virus sites suggests that AVP is mistaking
> J> Ndetect for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to
> J> notify the originator that the victim is online.
>
>
>
>
> +=-=-=-=-=-=-=-=-=+
> |Vladimir Dubrovin|
> | Sandy Info, ISP |
> +=-=-=-=-=-=-=-=-=+
>



This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 16:00:02 CST