Full Disclosure mailing list archives

Re: one new trojan


From: Filbert <filbert () pandora be>
Date: Sat, 24 Jul 2004 20:25:28 +0200

On Saturday July 24 2004 19:13, Willem Koenings wrote:
hi,

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web.exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :

http://conyc.com/galleryg/arc.zip

starter script is here:

http://conyc.com/galleryg/starter.html

willem.

NAV does recognise it as Trojan.ByteVerify.


-- 
echo "+++ATH0filb+++ATH0 () linuxmail org" | sed 's/+++ATH0//g'
 "Disclaimer:  Any similarities between what I say and what I mean 
  are purely coincidental." 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

