[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b7bc1b1f04090213042260b9a2@mail.gmail.com>
From: uberguidoz at gmail.com (Über GuidoZ)
Subject: win2kup2date.exe ?
VirusTotal identified if as another Rbot/SDBot. Good questions Barry -
things one should also do or answer when questioning what something
is.
--
Peace. ~G
On Thu, 2 Sep 2004 13:35:00 -0400, James Patterson Wicks
<pwicks@...gen.com> wrote:
> French site
> (http://www.commentcamarche.net/forum/affich-975065-%5Balerte%5D-win2kup
> 2date-exe-new-virus) said that he had a shutdown after 60 seconds,
> thought it was a Blaster variant.
>
> Just passing on information.
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of bashis
> Sent: Thursday, September 02, 2004 9:33 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] win2kup2date.exe ?
>
> Hi
>
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
>
> I did a controlled test with a XP Pro box w/o patches on Inet
> and this little thingy came on my testbox thrue some sort of RPC
> exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
>
> McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
> any strange with this file..
>
> That was actually my test, v8.0 of McAfee virusscan have a future of
> "buffer overflow protection", it stopped the wellknown public RPC/DCOM
> exploit, but not the exploit that putted "win2kup2date.exe" on my
> testbox.
>
> Well, so mutch for the new "buffer overflow protection" future.. crap..
> ;)
>
> Have a nice day
> /bashis
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.
Powered by blists - more mailing lists