Subject: Fw: [ISN] Video Trojan hoax scares up publicity for security firm
From: Guy Rosinbaum (guyINTERNETUSA.NET)
Date: Sat Jun 10 2000 - 15:17:21 CDT


----- Original Message -----
From: "William Knowles" <wkC4I.ORG>
To: <ISNSECURITYFOCUS.COM>
Sent: Saturday, June 10, 2000 10:50 AM
Subject: [ISN] Video Trojan hoax scares up publicity for security firm

> http://www.theregister.co.uk/content/6/11290.html
>
> By: Thomas C Greene in Washington
> Posted: 10/06/2000 at 09:34 GMT
>
> It sounded so very exciting on Friday: a relatively unknown computer
> security firm called Network Security Technologies (NETSEC) was
> rushing to meet with the FBI to discuss a devastating new Trojan they
> had discovered joined to an .avi video file.
>
> The Trojan, they said, was capable of infecting personal computers and
> commandeering them to attack Web sites, resurrecting shades of the
> media frenzy surrounding February's DDoS attacks.
>
> Clearly, NETSEC had struck gold.
>
> Yet on Saturday, the FBI's National Infrastructure Protection Centre
> (NIPC) Web site remains strangely devoid of any mention of this
> impending calamity, as does the Carnegie Mellon University Computer
> Emergency Response Team (CERT) site.
>
> Apparently, the wire services had got a few things wrong on Friday, no
> doubt with NETSEC's gentle encouragement.
>
> We now know that the video Trojan, which NETSEC dubbed 'Serbian
> Badman' (ooohh, how scary that sounds), is actually known by the
> tragically prosaic name 'Downloader' (aka Backdoor.ldr;
> Downloader.Kit; Trojan.Win32.Loder.WPW; W95/Loader; and WWWPW).
>
> It works by fetching, downloading and silently running another, and
> quite familiar, Trojan called 'Sub7', which consists of a remote
> server enabling a third party to control an infected computer.
>
> We are terribly disappointed to report that the Sub7 server is not
> capable of launching DDoS attacks, unless it has been updated
> radically since the last time we, em, 'evaluated' it.
>
> Meanwhile, Network Associates' McAfee site has condescended to run
> some information on NETSEC's sensational new discovery, but what they
> have to say sounds painfully familiar.
>
> The Downloader Trojan "downloads another Trojan from the Internet and
> runs it silently. The downloaded Trojan is identified as
> 'BackDoor-G2'" [aka Sub7].
>
> "NETSEC alerted the Internet community about BackDoor-G2 by calling it
> 'Serbian Badman Trojan (TSB Trojan)'. News stories suggest that the
> controlling Trojan which is downloaded is a new threat -- it is not.
> Although the Trojan known as "Downloader" is new, the file downloaded
> is a known Trojan."
>
> In other words, NETSEC's discovery amounts to nothing more than a
> publicity stunt by an opportunistic security firm in quest of free
> advertising in the form of media attention.
>
> The Register is shocked....shocked....to learn that media manipulation
> is going on.
>
>
> *-------------------------------------------------*
> "Communications without intelligence is noise;
> Intelligence without communications is irrelevant."
> Gen. Alfred. M. Gray, USMC
> ---------------------------------------------------
> C4I Secure Solutions http://www.c4i.org
> *-------------------------------------------------*