Welcome to the Virus.Org Mailing List Archive




RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up.

  • To: 'Drew Weaver' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
  • Subject: RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up.
  • From: "Levinson, Karl" <[EMAIL PROTECTED]>
  • Date: Wed, 6 Aug 2003 09:26:58 -0400
 
In case it is helpful, note that the DCOMX.EXE file name resembles the name
of the fairly new Autorooter / Cirebot / Downloader-DM / "RPC Worm"
[F-Secure nomenclature] RPC attack tool, but none of the files are detected
as such by either NAV or Trend Micro HouseCall with the latest updates
applied.

The four files in the subdirectory contain strings and file names that lead
one to suspect they are part of Intel LANDesk [PDS.EXE, ping discovery
service per Google, and XFR.EXE, Intel file transfer utility, per Google].


-----Original Message-----
From: Drew Weaver [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 3:07 PM
To: [EMAIL PROTECTED]
Subject: [despammed] Dig in: autorooter, maybe that IRC one but SAV
doesnt pick it up.


Dig in.

http://www.soul-fu.com/drew.zip

I found this on a Windows 2k SP4 machine without (without) the two most
recent and critically necessary patches.

Enjoy.

-Drew

