lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200407242025.28557.filbert@pandora.be>
From: filbert at pandora.be (Filbert)
Subject: one new trojan

On Saturday July 24 2004 19:13, Willem Koenings wrote:
> hi,
>
> today i encountered one new trojan : web.exe / services.exe,
> arrives in arc.zip and is executed via java. kaspersky
> doesn't identify this one yet. web exe is placed to the root
> dir, then copied as services.exe to the SystemRoot\inetg
>
> if anyone is curious to play with it :
>
> http://conyc.com/galleryg/arc.zip
>
> starter script is here:
>
> http://conyc.com/galleryg/starter.html
>
> willem.

NAV does recognise it as Trojan.ByteVerify.


-- 
echo "+++ATH0filb+++ATH0@...uxmail.org" | sed 's/+++ATH0//g'
 "Disclaimer:  Any similarities between what I say and what I mean 
  are purely coincidental."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ