Message-ID: <007b01c3b201$7fce8c20$0200a8c0@behostslolsjn2>
From: chris.rose at dsl.pipex.com (Chris Rose)
Subject: New backdoor program in the wild
Kristian Hermansen wrote:
> I think I've seen this one before. Some keywords that come to mind are APRE
> (Advanced Port Redirection Engine), Assassin 2.0, and the site that hosts
> those files (forget the name). These guys code Trojans for $$$!!! But they
> also offer free tools to make Trojans and it looks like this one is using
> those tools by what you described (especially when attaching to IE process,
> which is its default option to bypass Application Protection!!!). The app
> protection would catch it if it were utilizing MD5 versus file names
> (dumb)...
From what I understand, it injects itself into the running process, not the
executable, so checking MD5 hashes would yield nothing in this case.
> APRE tool: http://www.megasecurity.org/trojans/a/apre/Apre1.0.html
> Trojans for $$$ website: ?????
www.evileyesoftware.com.
Kind Regards,
Chris Rose