Full Disclosure mailing list archives

RE: [SPAM] RE: interesting trojan found

From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 21 Oct 2004 08:51:25 -0500

But if it is a rootkit, does it not hide from normal AV scanning?

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Hugo van der Kooij
Sent: Wednesday, October 20, 2004 11:58 PM
To: full-disclosure () lists netsys com
Subject: Re: [SPAM] RE: [Full-disclosure] interesting trojan found

On Wed, 20 Oct 2004, Richard Stevens wrote:

http://81.101.19.177/logon.zip


F-PROT ANTIVIRUS
Program version: 4.4.7
Engine version: 3.14.13
LOGON.EXE  is a security risk named W32/Spybot.BCM

ClamAV does not recognize it yet. (But it is is the queue as 
Submission number 6278.)

Hugo.

-- 
      I hate duplicates. Just reply to the relevant mailinglist.
      hvdkooij () vanderkooij org             
http://hvdkooij.xs4all.nl/
              Don't meddle in the affairs of magicians,
              for they are subtle and quick to anger.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: [SPAM] RE: interesting trojan found Todd Towles (Oct 21)
- SV: [SPAM] RE: interesting trojan found Peter Kruse (Oct 21)
- Re: [SPAM] RE: interesting trojan found James Riden (Oct 21)
- <Possible follow-ups>
- RE: [SPAM] RE: interesting trojan found Todd Towles (Oct 21)