Message-ID: <42CCEBA6.5060202@charter.net>
Date: Thu Jul 7 09:45:40 2005
From: reece.mills at charter.net (Reece Mills)
Subject: Researching IMISERV (wupdt.exe)

What!? No Takers?!!!

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IMISERV.A
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.imiserv.html

PLEASE!!! Your neighbor is you and the friend is your wife. You formatted and re-installed the machine.

If you're not trolling... You want to infect a butt-load of educational systems (no doubt on an .edu network, no doubt exposed to the public) with a virus (Trojan really).

~From McAfee:

This program is not a virus. However, it may seem to have trojan like behaviour. There is more than one version of this program. Users may observe a slightly different behaviour.

This program is a download component of the IMIServ application. When run, it installs itself onto the target machine as %WinDir%\wupdt.exe . It attempts to download content from a remote server.

The following Registry entries are added to hook system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Win Server Updt" = WUPDT.EXE

Seems to be installed by some pop-up adverts (this is difficult to track down).

To enable detection for this program, please refer to the instructions below about how to configure application-type detections within VirusScan v7+. Alternatively, users could run the command line scanner with the /PROGRAM switch.

How much do you make? Maybe I'll want to work for you.

--Reece

rlh@...h.ai wrote:

| Hello everyone,
|
| I am in the process of developing network security labs for some
| community college students. Very recently I assisted a neighbor
| with removing the IMISERV virus from a friend's laptop. It's not
| possible to get the laptop back, but I would very much like to
| write a lab for my students in which they would operate a machine
| infected with IMISERV, identify the wupdt.exe process, and then
| gather information from the net on how to remove this themselves.
|
| I've been looking all over the net but have not been able to find a
| copy of this virus/trojan. Can anyone point me in the right
| direction?
|
| These are some of the sites I've checked so far, but have not been
| able to locate IMISERV:
|
| http://www.infosyssec.net
| http://el-killer.chez.tiscali.fr/Virii.htm
| http://membres.lycos.fr/asle/virii.2.html
| http://www.security.nnov.ru
| http://biohazard.xz.cz
| http://www.astalavista.com
|
| And several others.
|
| Can anyone shed some light on where to grab this?
|
| thx,
|
| rlh
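
Added example, not part of the original message or of McAfee's write-up: a Python check that scans `reg query` output for the Run key for the two indicators the McAfee description gives, the "Win Server Updt" value name and the wupdt.exe file name. The sample output, its `ExampleTray` and `Updater` entries, and the 4-space column layout of the `reg query` output are assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Indicators from the McAfee description quoted in the message above.
RUN_VALUE_NAME = "win server updt"
DROPPED_FILE = "wupdt.exe"

# Assumed `reg query` value-line layout: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def command_image(data):
    """Lower-cased file name of the program a Run value launches."""
    data = data.strip()
    if data.startswith('"'):                      # "C:\path with spaces\x.exe" args
        path = data[1:].split('"', 1)[0]
    else:                                         # unquoted: stop after the first .exe
        m = re.match(r"(.+?\.exe)(?:\s|$)", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return basename(path).lower()

def find_imiserv_run_entries(reg_query_output):
    """Return (name, data, reasons) for Run values matching either indicator."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                              # key header or blank line
        name, data = m["name"].strip(), m["data"].strip()
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if command_image(data) == DROPPED_FILE:
            reasons.append("image name")
        if reasons:
            findings.append((name, data, reasons))
    return findings

# Constructed sample output; ExampleTray and Updater are made-up entries.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" -min
    Win Server Updt    REG_SZ    WUPDT.EXE
    Updater    REG_EXPAND_SZ    %WinDir%\wupdt.exe /s
'''

if __name__ == "__main__":
    for name, data, reasons in find_imiserv_run_entries(SAMPLE):
        print(f"{name!r} -> {data!r} (matched on {', '.join(reasons)})")
```

Matching on the file name as well as the value name covers the case McAfee notes, that more than one version of the program exists and behaviour may differ slightly.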