| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jpeaa at allstate.com (Peadro, Jeff (AIS)) Subject: Norton AntiVirus 2005 treats Radmin as a Virus ??! Correct. RA was used in the JPEG exploit from easynews. quoted from GDI spoit itself " UPDATE: We have packet logs at http://easynews.com/virus/ THIS VIRUS IS NASTY! If you don't know what a jpeg virus is, check out: http://news.google.com/news?q=jpeg+virus Swany and I wrote a quick and nasty script to scan every jpeg that comes into Easynews.com.. It paged my cell phone at 6:47pm PDT on 9/26/2004 for the first hit, and 7:52pm PDT on 9/26/2004 for the second hit. Once this JPEG overflowed GDI+, it phoned home, connected to and ftp site and downloaded almost 2megs of stuff. It installs a trojan that installs itself as a service. It also installs radmin (radmin.com) running as 'r_server'. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard." It phones home to the same IP that is in the usenet post headers. Then it seems to connect to ftp://209.171.43.27/www/system/ u/p bawz/pagdba (last time I checked, 93 users where logged in!) " jEff -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Todd Towles Sent: Tuesday, October 12, 2004 9:15 AM To: Sowhat .; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a Virus ??! That is a widely used tool that is dropped by various malware programs. I think even one of the JPEG exploits was dropping radmin.exe It be better to assume you have a infection and prove yourself wrong than the other way around. Look into it pretty deep, I would suggest. > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Sowhat . > Sent: Tuesday, October 12, 2004 7:51 AM > To: full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] Norton AntiVirus 2005 treats > Radmin as a Virus ??! > > hi ?list > > I have installed Norton AntiVirus 2005 ,and when i open my > F:\ directory ,Norton pops up and show that,"Norton AntiVirus > has detected a virus on your computer" "Boject Name > F:\radmin.exe" "Virus Name Hacktool". > > Is RemoteAdministrator a commercial remote control software > or a Hacktool ? > > the following information is copied from the Radmin's site: > (http://www.radmin.com/) > > "This fast, reliable, easy-to-use pc remote control software > saves you hours of running up and down stairs between > computers. Radmin allows you to take control of another PC on > a LAN, WAN or dial-up connection so you see the remote > computer's screen on your monitor and all your mouse > movements and keystrokes are directly transferred to the > remote machine. Radmin provides fast secure access to remote > PC's on Windows platforms. " > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists