Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: one new trojan
From: Filbert <filbert () pandora be>
Date: Sat, 24 Jul 2004 20:25:28 +0200

On Saturday July 24 2004 19:13, Willem Koenings wrote:

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :


starter script is here:



NAV does recognise it as Trojan.ByteVerify.

echo "+++ATH0filb+++ATH0 () linuxmail org" | sed 's/+++ATH0//g'
 "Disclaimer:  Any similarities between what I say and what I mean 
  are purely coincidental." 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]