Full Disclosure mailing list archives
Heads up: Possible lsass worm in the wild
From: Feher Tamas <etomcat () freemail hu>
Date: Fri, 30 Apr 2004 11:18:19 +0200 (CEST)
Hello,
for those interested in a sample, it may be obtained at http://exploit.nothackers.org/msiwin84-lsass.zip
Kaspersky AV say: Agobot.GEN (heuristic match) Trend Micro AV says: WORM_AGOBOT.JF (exact match) BTW, Trend Micro says the Agobot (alias Gaobot/Phatbot) malware family has over 900 variants. F-Secure says there are 450 members. Anyhow, there are many subtle variants and Agobot is the most populous family ever. VXers willing, it may even reach Agobot.JFK some time... Sincerely: Tamas Feher. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Heads up: Possible lsass worm in the wild morning_wood (Apr 29)
- Re: Heads up: Possible lsass worm in the wild insecure (Apr 29)
- Re: Heads up: Possible lsass worm in the wild morning_wood (Apr 29)
- Re: Heads up: Possible lsass worm in the wild Paul Tinsley (Apr 29)
- Re: Heads up: Possible lsass worm in the wild morning_wood (Apr 29)
- Re: [0day] Heads up: Possible lsass worm in the wild Darren Bounds (Apr 29)
- <Possible follow-ups>
- RE: Heads up: Possible lsass worm in the wild Randal, Phil (Apr 29)
- Heads up: Possible lsass worm in the wild Feher Tamas (Apr 29)
- Heads up: Possible lsass worm in the wild Feher Tamas (Apr 30)
- Heads up: Possible lsass worm in the wild Feher Tamas (Apr 30)
- Re: Heads up: Possible lsass worm in the wild insecure (Apr 29)