Security Incidents mailing list archives
Re: SQL injection ... another attack
From: Teodor Cimpoesu <teodor.cimpoesu () kaspersky ro>
Date: Thu, 20 Jan 2005 10:36:36 +0200
Maxime Ducharme wrote:
Hi to the list today we received the same SQL injection attack on the same URL :
[...]
The lol.exe file can be found in this archive for inspection : http://www.cybergeneration.com/security/2005.01.19/lol.zip zip pass is das978tewa234
[...]
I'm interested if someone do an analysis on this file.
KAV (update of 20.01.2005/115094) detects it as Backdoor.Win32.SdBot.gen.Aliases (from virulist.com) are: W32/Lolol.worm.gen (McAfee), Win32.IRC.Bot.based (Doctor Web), Troj/IRCBot-Fam (Sophos), Backdoor:IRC/SdBot (RAV), Worm/Sdbot.39936.B (H+BEDV), Win32:SdBot-g2 (ALWIL), Backdoor.SDBot.Gen (SOFTWIN), Trojan.IRCBot.gen (ClamAV), Bck/Sdbot.BCT (Panda), IRC/SdBot.COU (Eset).
friendly yours, -- Teodor Cimpoesu, Project Manager Kaspersky Lab. Romania http://www.kaspersky.com/
Current thread:
- SQL injection ... another attack Maxime Ducharme (Jan 20)
- Re: SQL injection ... another attack Teodor Cimpoesu (Jan 20)
- Re: SQL injection ... another attack gaurav kumar (Jan 20)
- Re: SQL injection ... another attack Harlan Carvey (Jan 20)
- Re: SQL injection ... another attack Maxime Ducharme (Jan 20)
- Re: SQL injection ... another attack Harlan Carvey (Jan 20)