|
Dailydave
mailing list archives
Re: Times up!
From: dennis () backtrace de
Date: Fri, 24 Oct 2008 15:46:55 +0200
Zitat von Mike Johnson <mike () enoch org>:
Just to split hairs, Gimmiv is a trojan, not a worm. It's just a
keylogger. It in and of itself does not spread. I have no idea why the
Threatexpert blogger called it a worm, everyone else calls it a trojan.
While I do not claim to be an expert, the samples I have seen with my
own eyes are trojans and don't have the ability to spread.
That said, it won't take much for someone to write self-replicating code
exploiting this vulnerability.
It is a Trojan (a password stealer, downloader) which downloads an
additional (exploit) component named "basesvc.dll" as mentioned by
ThreatExpert on their blog. If you have a look at that file, it is
pretty evident that it might (I haven't gotten that far with my
analysis) exploit the vulnerability fixed with MS08-076 and thus may
be used to spread the password stealing Trojan.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
| 
Intro
