Vulnerability Development mailing list archives

Fwd: Re: The Cleaner reports WinPCap contains WinRAT trojan


From: dumbwabbit <dumbwabbit () yahoo com>
Date: Sat, 16 Feb 2002 17:34:54 -0800 (PST)

From the source folks, this is confirmation from
MooSoft that it was indeed a false alert. 

My apologies to all for taking up bandwidth etc.......

heh.

Still, had to be sure.

+-dumbwabbit=+-

--- dsovml () dynamsol com wrote:
From dsovml () dynamsol com Sat Feb 16 16:43:02 2002
Date: Sat, 16 Feb 2002 17:43:02 -0700 (MST)
Subject: Re: The Cleaner reports WinPCap contains WinRAT trojan
From: <dsovml () dynamsol com>
To: <dumbwabbit () yahoo com>

I did not receive your email.  I suspect you sent it to the trojan submission address trojans () moosoft com which is an attachment collector and is not monitored by a human.

WinPCAP was identified incorrectly and it has been corrected in the latest database.


Daniel Otis-Vigil

Forgive the cross-posting, but I think this *may* merit it.

WinPCap is a packet capture driver/architecture for Windows platform, allowing Windows users to do such things as run NMapNT, the NT port of Nmap.

Upon scanning a file archive on one of my pen testing laptops, using the latest updated version of The Cleaner (a trojan AV product from MooSoft), The Cleaner reports that versions 2.01, 2.1, 2.2, and 2.3 beta, along with the Developer Pack of WinPCap are all infected with or contain the WinRAT (aka Windows Remote Administration Toolkit) client/server trojan. I "tested" this further by re-downloading the WinPCap files from the original website, located at:

http://netgroup-serv.polito.it/winpcap/install/default.htm

All files downloaded from this location scanned by The Cleaner are reported as containing WinRAT.

I have sent copies of these files to MooSoft asking if they can verify this, and I have emailed the authors of WinPCap as well. That was 3 days ago.

McAfee VirusScan 4.51 and 6, both with latest DATs (4186) do not find anything. I do not have access currently to Norton or Trend or another AV product. I also cannot find any helpful information about the WinRAT trojan online (MooSoft's description contains absolutely NO information regarding this trojan other than listing it - see http://www.moosoft.com/winrat.php). I have not yet heard back from WinPCap authors, nor MooSoft. Therefore, I would like to ask if anyone else can verify or disprove this "finding".

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com




