|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: portscan virus?
From: Gary Buckmaster (gary
BWAPR.COM)Date: Wed May 24 2000 - 11:03:52 CDT
- Next message: Cerberus Security Team: "Alert: Carello File Creation flaw"
- Previous message: Geo.: "portscan virus?"
- In reply to: Geo.: "portscan virus?"
- Reply: Gary Buckmaster: "Re: portscan virus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
NAV also claims that a number of elements of some popular IRC scripts are trojan
horse files. This includes click.exe (which I believe originated from the 7th
Sphere script also) as well as Sumo.exe and Watcher.exe which come from the
popular Showdown IRC script. NAV only lists these items as "trojan horse" and
provides no other information.
Also interesting is that NAV claims the BO2K client is actually the BO2K server,
which could be totally unrelated. But my suspicion is that the folks at
Symantec are actively moving away from virii and trojans, and starting to alert
on other programs that may have undesireable properties. This is just my
suspicion however, so choose your reactions accordingly.
"Geo." wrote:
> portscan.exe was recently detected as ICQ.PWS.Trojan on a machine by
> symantec antivirus program.
>
> The program file is the 7sphere port scanner dated Monday, April 07, 1997,
> 4:51:46 PM and it seems to me this was a long time ago and possibly before
> most ICQ type password hacks came out.
>
> Anyway, Symantec said the following:
>
> "The reason Norton AntiVirus found it and no other AntiVirus software did,
> is
> because we are probably the only one that has a virus definition for that
> particular trojan. The virus definition for this trojan was added 5/9/00."
>
> I'm posting this here for 2 reasons, first in case anyone else has this port
> scanner, second in case symantec is wrong. Hopefully I can get confirmation
> one way or the other on this.
>
> Geo.
>
> _____________________________________________________________________
> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Cerberus Security Team: "Alert: Carello File Creation flaw"
- Previous message: Geo.: "portscan virus?"
- In reply to: Geo.: "portscan virus?"
- Reply: Gary Buckmaster: "Re: portscan virus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]