Vulnerability Development mailing list archives
Re: Clicktilluwin DLDER Trojan
From: CyBot <cybot () sbox tugraz at>
Date: Thu, 3 Jan 2002 19:46:00 +0100 (CET)
On Thu, 3 Jan 2002, ByteRage wrote:
hmm it seems more thorough analysis has already been performed by AV researchers : http://www.symantec.com/avcenter/venc/data/w32.dlder.trojan.html http://www.europe.f-secure.com/v-descs/dlder.shtml http://vil.mcafee.com/dispVirus.asp?virus_k=99289& http://www.xtra.co.nz/help/0,,4128-544089,00.html#dlder
They contain nothing new, just the information from the various vuln-dev mails.
It appears to be installed by LimeWare Gnutella / Grokster
and BonziBuddy and Net2Phone (http://www.clicktilluwin.com/clickpartners.htm) under http://www.clicktilluwin.com/clickprivacyterms.htm, they admit to monitor URL's the user visits while the trojan is running (to trigger advertisements). greetings, CyBot -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d-(+)@ s:- a-- C+++ UL+++ P-- L+>++ E- W+(++)>+++ N++ o K++ w !O !M !V PS++ PE+ Y+ PGP t+ 5 X R>+ tv+ b+(+++) DI++ UF++ D++ G++ e h! r++ y+ ------END GEEK CODE BLOCK------
Current thread:
- Re: Clicktilluwin DLDER Trojan NETKOJI (Jan 01)
- <Possible follow-ups>
- Re: Clicktilluwin DLDER Trojan ByteRage (Jan 02)
- Re: Clicktilluwin DLDER Trojan ByteRage (Jan 03)
- Re: Clicktilluwin DLDER Trojan CyBot (Jan 03)
- Re: Clicktilluwin DLDER Trojan ByteRage (Jan 03)
- Re: Clicktilluwin DLDER Trojan Jon Williams (Jan 03)
- Re: Clicktilluwin DLDER Trojan Alex Salkever (Jan 03)