Re: New backdoor program in the wild

["Chris Rose" <chris.rose () dsl pipex com>]

Kristian Hermansen wrote:
> I think I've seen this one before.  Some keywords that come to mind are APRE
> (Advanced Port Redirection Engine), Assassin 2.0, and the site that hosts
> those files (forget the name).  These guys code Trojans for $$$!!!  But they
> also offer free tools to make Trojans and it looks like this one is using
> those tools by what you described (especially when attaching to IE process,
> which is its default option to bypass Application Protection!!!).  The app
> protection would catch it if it were utilizing MD5 versus file names
> (dumb)...

> From what I understand, it injects itself into the running process, not the
executable, so checking MD5 hash's would yeild nothing in this case.

> APRE tool: http://www.megasecurity.org/trojans/a/apre/Apre1.0.html
> Trojans for $$$ website: ?????

www.evileyesoftware.com.

Kind Regards,
Chris Rose


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html