Re: win2kup2date.exe ?

[Über GuidoZ <uberguidoz () gmail com>]

I believe someone else mentioned this site on this list (not sure),
but have you tried running it through www.VirusTotal.com? A nice place
for a quick 2nd opinion. If you want to email me a copy of it, I'll
rip it apart and see what can be seen.

P.S. Send it to guidoz () guidoz com - it's my "catch all" for
virus/unknown files. Just be sure to ZIP it up or else the web host
won't let it through. Otherwise I have disabled all checks/scan.
Downloads directly to a secured Linux box.

-- 
Peace. ~G


On Thu, 2 Sep 2004 15:33:17 +0200 (CEST), bashis <mcw () wcd se> wrote:
> Hi
>
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
>
> I did a controlled test with a XP Pro box w/o patches on Inet
> and this little thingy came on my testbox thrue some sort of RPC exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
>
> McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
> any strange with this file..
>
> That was actually my test, v8.0 of McAfee virusscan have a future of
> "buffer overflow protection", it stopped the wellknown public RPC/DCOM
> exploit, but not the exploit that putted "win2kup2date.exe" on my testbox.
>
> Well, so mutch for the new "buffer overflow protection" future.. crap.. ;)
>
> Have a nice day
> /bashis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html