Bugtraq: RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection

From: "Drew Copley" <dcopley () eEye com>
Date: Mon, 14 Jun 2004 10:47:14 -0700

-----Original Message-----
From: Rusty Chiles [mailto:rustychiles () cox net] 
Sent: Thursday, June 03, 2004 3:35 PM
To: bugtraq () securityfocus com
Subject: New IRC Trojan -Symantec and Trend Micro Unable To 
Stop Infection

It seems that a new trojan is making the rounds on irc.
Nobody else seems to have figured it out yet, as there is no antivirus
pattern out.


<snip>

getRealShell -> http://62.131.86.111/analysis.htm

Looks like straight from the aforementioned zero day spyware installer
in the wild.

This is pretty fast modification of the worm considering the spyware
distributor likely did not do this.

In fact, one is googled:
http://www.google.com/search?hl=en&ie=UTF-8&q=getRealShell&btnG=Google+S
earch

Here's a free fix which I made ten months ago for the adodb issue which
this and other vulnerabilities have used since then, re-released:

http://www.eeye.com/html/research/alerts/AL20040610.html

By Date By Thread

Current thread:

RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection Romulo M. Cholewa (Jun 14)
- <Possible follow-ups>
- RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection Drew Copley (Jun 14)