Vulnerability Development mailing list archives
Fwd: Re: The Cleaner reports WinPCap contains WinRAT trojan
From: dumbwabbit <dumbwabbit () yahoo com>
Date: Sat, 16 Feb 2002 17:34:54 -0800 (PST)
From the source folks, this is confirmation from
MooSoft that it was indeed a false alert. My apologies to all for taking up bandwidth etc....... heh. Still, had to be sure. +-dumbwabbit=+- --- dsovml () dynamsol com wrote:
From dsovml () dynamsol com Sat Feb 16 16:43:02 2002 Date: Sat, 16 Feb 2002 17:43:02 -0700 (MST) Subject: Re: The Cleaner reports WinPCap contains WinRAT trojan From: <dsovml () dynamsol com> To: <dumbwabbit () yahoo com> I did not receive your email. I suspect you sent it to the trojan submission address trojans () moosoft com which is an attachment collector and is not monitored by a human. WinPCAP was identified incorrectly and it has been corrected in the latest database. Daniel Otis-VigilForgive the cross-posting, but I think this *may* merit it. WinPCap is a packet capture driver/architectureforWindows platform, allowing Windows users to dosuchthings as run NMapNT, the NT port of Nmap. Upon scanning a file archive on one of my pentestinglaptops, using the latest updated version of The Cleaner (a trojan AV product from MooSoft), The Cleaner reports that versions 2.01, 2.1, 2.2, and2.3beta, along with the Developer Pack of WinPCap areallinfected with or contain the WinRAT (aka Windows Remote Administration Toolkit) client/servertrojan. I"tested" this further by re-downloading theWinPCapfiles from the original website, located at:
http://netgroup-serv.polito.it/winpcap/install/default.htm
All files downloaded from this location scanned byTheCleaner are reported as containing WinRAT. I have sent copies of these files to MooSoftasking ifthey can verify this, and I have emailed theauthorsof WinPCap as well. That was 3 days ago. McAfee VirusScan 4.51 and 6, both with latest DATs (4186) do not find anything. I do not have access currently to Norton or Trendoranother AV product. I also cannot find any helpful information abouttheWinRAT trojan online (MooSoft's descriptioncontainsabsolutely NO information regarding this trojanotherthan listing it - see http://www.moosoft.com/winrat.php). I have not yet heard back from WinPCap authors,norMooSoft. Therefore, I would like to ask if anyoneelsecan verify or disprove this "finding". __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com
__________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com
Current thread:
- The Cleaner reports WinPCap contains WinRAT trojan dumbwabbit (Feb 16)
- RE: The Cleaner reports WinPCap contains WinRAT trojan Brenna Primrose (Feb 16)
- Re: The Cleaner reports WinPCap contains WinRAT trojan Gideon Lenkey (Feb 16)
- Re: The Cleaner reports WinPCap contains WinRAT trojan Ryan Verner (Feb 16)
- Update: The Cleaner reports WinPCap contains WinRAT trojan dumbwabbit (Feb 16)
- <Possible follow-ups>
- Fwd: Re: The Cleaner reports WinPCap contains WinRAT trojan dumbwabbit (Feb 16)