| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: uberguidoz at gmail.com (Über GuidoZ) Subject: win2kup2date.exe ? I believe someone else mentioned this site on this list (not sure), but have you tried running it through www.VirusTotal.com? A nice place for a quick 2nd opinion. If you want to email me a copy of it, I'll rip it apart and see what can be seen. P.S. Send it to guidoz@...doz.com - it's my "catch all" for virus/unknown files. Just be sure to ZIP it up or else the web host won't let it through. Otherwise I have disabled all checks/scan. Downloads directly to a secured Linux box. -- Peace. ~G On Thu, 2 Sep 2004 15:33:17 +0200 (CEST), bashis <mcw@....se> wrote: > Hi > > Anyone heard about a file called "win2kup2date.exe" ? > (Google says nothing found..;) > > I did a controlled test with a XP Pro box w/o patches on Inet > and this little thingy came on my testbox thrue some sort of RPC exploit, > tftp'ed down this file from connecting machine, started with SYSTEM, > and tries to connect up to IRC. > > McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find > any strange with this file.. > > That was actually my test, v8.0 of McAfee virusscan have a future of > "buffer overflow protection", it stopped the wellknown public RPC/DCOM > exploit, but not the exploit that putted "win2kup2date.exe" on my testbox. > > Well, so mutch for the new "buffer overflow protection" future.. crap.. ;) > > Have a nice day > /bashis
Powered by blists - more mailing lists