Full Disclosure: Re: Subject: Some suspicious files

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Subject: Some suspicious files

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 1 May 2004 11:27:18 -0700

sneaker

possibly a beta version of a connect back trojan.

seems to be able to use a website to transfer information between the
attacker and the infected machine.


appredir-username=some_irc_guy
client version=sneaker_0.19
cmd-url=http://1337suxx0r.ath.cx:580/hack/sneaker/cmd.php=login-url=http://1337s
uxx0r.ath.cx:580/hack/sneaker/login.php
opfer-info=some_irc_guy
 /s7regkey={13371337-1337-1337-1337-133713371337}
<SubSeven Startup Method (requires Config Setting "s7regkey")

m.w

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Re: Subject: Some suspicious files Marcel Krause (May 01)
- Re: Subject: Some suspicious files dila (May 01)
  - Re: Subject: Some suspicious files morning_wood (May 01)
  - Re: Subject: Some suspicious files Marcel Krause (May 01)