Full Disclosure mailing list archives

RE: What is this

From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Mon, 8 Aug 2005 22:02:50 +0200

Hi,

It is an MS-EXE executable program.  Anti virus doesn't find 
it because it is not an virus.  Spybot for the same reason.  
To block these you need an smtp policy that does not allow 
executable attachments to incoming emails.


As a matter of fact this is a new sdbot variant. 

It does pretty much the same as any other sdbot variant outthere: It allows
the author of the code and others to control the infected host.

Kind regards
Peter Kruse



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

What is this Armando Rogerio Brandão Guimaraes Junior (Aug 08)
- Re: What is this trains (Aug 08)
  - Re: What is this Michael Hale (Aug 08)
    - Re: What is this Ron (Aug 08)
  - RE: What is this Peter Kruse (Aug 08)
- Re: What is this Jeremy (Aug 08)
- RE: What is this Aditya Deshmukh (Aug 08)
- <Possible follow-ups>
- RE: What is this Armando Rogerio Brandão Guimaraes Junior (Aug 08)
- Re: What is this Feher Tamas (Aug 09)