[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C10CD9E@owa.eeye.com>
Date: Mon, 14 Jun 2004 10:47:14 -0700
From: "Drew Copley" <dcopley@...e.com>
To: "Rusty Chiles" <rustychiles@....net>, <bugtraq@...urityfocus.com>
Subject: RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
> -----Original Message-----
> From: Rusty Chiles [mailto:rustychiles@....net]
> Sent: Thursday, June 03, 2004 3:35 PM
> To: bugtraq@...urityfocus.com
> Subject: New IRC Trojan -Symantec and Trend Micro Unable To
> Stop Infection
>
> It seems that a new trojan is making the rounds on irc.
> Nobody else seems to have figured it out yet, as there is no antivirus
> pattern out.
<snip>
getRealShell -> http://62.131.86.111/analysis.htm
Looks like straight from the aforementioned zero day spyware installer
in the wild.
This is pretty fast modification of the worm considering the spyware
distributor likely did not do this.
In fact, one is googled:
http://www.google.com/search?hl=en&ie=UTF-8&q=getRealShell&btnG=Google+S
earch
Here's a free fix which I made ten months ago for the adodb issue which
this and other vulnerabilities have used since then, re-released:
http://www.eeye.com/html/research/alerts/AL20040610.html
Powered by blists - more mailing lists