Full Disclosure mailing list archives

Virus Thread Netsky.D and Quick analysis
From: "Helmut Hauser" <helmut_hauser () hotmail com>
Date: Mon, 1 Mar 2004 15:10:41 +0100

Netsky.D is rapidly spreading ...

Quick analysis:
Packed with the Petite exe Packer V2.2
Tries to infect the following drives and/or network shares:
z:  y:  x:  w:  v:  u:  t:  s:  r:  q:  p:  o:  n:  m:  l:  k:  j:  i:  h:
g:  f:  e:  d:  c:
Has the following IP addresses built in:

Interesting string: be aware! Skynet.cz - -->AntiHacker Crew<-- 

Installs itself at
SOFTWARE\Microsoft\Windows\CurrentVersion\Run    -stealth   winlogon.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\PINF Sentry  OLE service
au.exe  d3dupdate.exe

Was signed by skoorpio () yahoo com

Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH
Orleansplatz 5a
81667 München
(089) 45911-123

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
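
The following is an added example, not part of the original post: a defender-side check that parses `reg query` output for the Run key and flags values matching the indicators named above. It assumes the post's Run-key line describes a single command that starts `winlogon.exe` with `-stealth`; the sample output and its value names are constructed.

```python
import ntpath
import re

# Indicators as read from the post (assumed to be one Run-key command line).
SUSPECT_IMAGE = "winlogon.exe"   # genuine winlogon.exe is never started from Run
SUSPECT_ARG = "-stealth"

# Constructed `reg query` output; all value names and paths here are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleValue    REG_SZ    C:\WINDOWS\winlogon.exe -stealth
    ExampleTray    REG_EXPAND_SZ    %SystemRoot%\system32\tray.exe
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.*)$")

def split_command(data):
    """Split a Run-key command line into (image path, argument string)."""
    data = data.strip()
    if data.startswith('"'):                      # quoted image path
        image, _, rest = data[1:].partition('"')
        return image, rest.strip()
    m = re.match(r"(?i)(.*?\.exe)(?:\s+(.*))?$", data)  # unquoted, may hold spaces
    if m:
        return m.group(1), m.group(2) or ""
    image, _, rest = data.partition(" ")
    return image, rest.strip()

def check_command(data):
    """Return the reasons a Run-key command matches the post's indicators."""
    image, args = split_command(data)
    reasons = []
    if ntpath.basename(image).lower() == SUSPECT_IMAGE:
        reasons.append("winlogon.exe started from a Run key")
    if SUSPECT_ARG in args.lower().split():
        reasons.append("-stealth argument")
    return reasons

def scan(reg_output):
    """Return (value name, command, reasons) for each matching Run value."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m and (reasons := check_command(m.group("data"))):
            findings.append((m.group("name"), m.group("data"), reasons))
    return findings

if __name__ == "__main__":
    for name, command, reasons in scan(SAMPLE):
        print(f"{name}: {command} -> {', '.join(reasons)}")
```
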
