Security Incidents mailing list archives
RE: Can anyone identify this backdoor?
From: "Ian Webb" <iwebb () carolina rr com>
Date: Mon, 22 Jul 2002 01:34:56 -0400
The cmd.exe in cc.zip is the cmd.exe from NT4 SP6a. I just did a FC on a copy extracted from the Service Pack and it's exactly the same. -----Original Message----- From: Richard Bartlett [mailto:richard () hackerimmunity demon co uk] Sent: Thursday, July 11, 2002 6:33 PM To: Matt Andreko; incidents () securityfocus com Subject: RE: Can anyone identify this backdoor? Matt, I've done a quick analysis on this and come up with the following; <snip> C:\recycler\CMD.EXE (possibley geniune cmd.exe from a version of NT/2K/XP, source unknown) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Can anyone identify this backdoor? Matt Andreko (Jul 10)
- Re: Can anyone identify this backdoor? David Jacoby (Jul 11)
- Re: Can anyone identify this backdoor? Ryan Russell (Jul 11)
- RE: Can anyone identify this backdoor? Matt Andreko (Jul 11)
- Re: Can anyone identify this backdoor? Matt Scarborough (Jul 12)
- Re: Can anyone identify this backdoor? shawn merdinger (Jul 11)
- RE: Can anyone identify this backdoor? Erick Arturo Perez Huemer (Jul 11)
- RE: Can anyone identify this backdoor? Richard Bartlett (Jul 11)
- RE: Can anyone identify this backdoor? Ian Webb (Jul 22)
- Re: Can anyone identify this backdoor? Mark Shirley (Jul 12)
- <Possible follow-ups>
- Re: Can anyone identify this backdoor? Jhon Q Doe (Jul 11)
- Re: Can anyone identify this backdoor? David Jacoby (Jul 11)
- Re: Can anyone identify this backdoor? David Jacoby (Jul 11)