Date: Tue, 7 Oct 2008 14:26:13 +0000
From: "jose achada" <achada.jose@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Report: PC Tools Spyware Doctor v6.0 flaw

Report: PC Tools Spyware Doctor v6.0 flaw
Sep 7, 2008

-- Affected Vendors:
PC Tools

-- Affected Products:
Spyware Doctor v6.0

-- Download at:
http://www.pctools.com/mirror/sdasetup.exe

http://rapidshare.com/files/151742881/bd.rar.html
http://rapidshare.com/files/151742881/bd.rar.html?killcode=192850860729954980
Password: forspywaredoctortest

-- Vulnerability Details:
A flaw exists in PC Tools Spyware Doctor while deleting a particular
Backdoor. The mechanism used to clean an infected machine will crash
the machine. (Blue Screen of Death might appear)



-- Step by Step
1) Installed Windows XP.

2) Created the trojan (with ejection in IE) with the client.

3) Executed the trojan.

6) Installed PC Tools Firewall Plus 4.0 and made a reboot.

4) Installed Spyware Doctor 6.0

5) Ran the Smart Update and downloaded 26 signature database files (35MB)

6) Spyware Doctor automatically runs a scan and finds Backdoor.Beastdoor.

8) Tried to remove the backdoor. The system crashed and made a reboot.

9) Tried to remove the backdoor several times and the result was the
same, a system crash.

10) Entered safe boot, made a scan and I was able to delete it.



-- Difficulty Level:
High, it only happens, as far as I know, with one Backdoor.

-- Disclosure Timeline:
2008-07-29 - Published
2008-09-07 - Disclosed

-- About:
Fabio Pinheiro at http://dicas3000.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
