Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: one new trojan
From: Filbert <filbert () pandora be>
Date: Sat, 24 Jul 2004 20:25:28 +0200

On Saturday July 24 2004 19:13, Willem Koenings wrote:
hi,

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :

http://conyc.com/galleryg/arc.zip

starter script is here:

http://conyc.com/galleryg/starter.html

willem.

NAV does recognise it as Trojan.ByteVerify.


-- 
echo "+++ATH0filb+++ATH0 () linuxmail org" | sed 's/+++ATH0//g'
 "Disclaimer:  Any similarities between what I say and what I mean 
  are purely coincidental." 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault