Full Disclosure mailing list archives

Re: Multiple 0-days in Dark Comet RAT

From: Valdis.Kletnieks () vt edu
Date: Mon, 15 Oct 2012 14:10:16 -0400

On Sat, 13 Oct 2012 14:47:20 -0400, "Hertz, Jesse" said:

The cool thing about it is that if you are a net/sys admin, and you notice
one of your computers has been compromised, you can pwn the C+C server.

these are exploits in the C+C server, not in the installed trojan.

that's why its relevant. you can counterhack and pwn the person who pwned
you.


Strongly recommended that you retain competent legal counsel before
actually doing so.  The legality of counterhacking is *highly* debated in
most jurisdictions.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 09)
- Re: Multiple 0-days in Dark Comet RAT Philip Whitehouse (Oct 10)
  - Re: Multiple 0-days in Dark Comet RAT Thor (Hammer of God) (Oct 10)
  - Re: Multiple 0-days in Dark Comet RAT Pascal Ernster (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Gage Bystrom (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Julius Kivimäki (Oct 11)
    - Re: Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 14)
    - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 15)
    - Re: Multiple 0-days in Dark Comet RAT Hertz, Jesse (Oct 17)
- Re: Multiple 0-days in Dark Comet RAT kaveh ghaemmaghami (Oct 18)
  - Re: Multiple 0-days in Dark Comet RAT Valdis . Kletnieks (Oct 18)
- <Possible follow-ups>
- Re: Multiple 0-days in Dark Comet RAT scriptjunkie (Oct 18)