Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Clicktilluwin DLDER Trojan

From: CyBot <cybot () sbox tugraz at>
Date: Thu, 3 Jan 2002 19:46:00 +0100 (CET)
On Thu, 3 Jan 2002, ByteRage wrote:

hmm it seems more thorough analysis has already been
performed by AV researchers :

http://www.symantec.com/avcenter/venc/data/w32.dlder.trojan.html
http://www.europe.f-secure.com/v-descs/dlder.shtml
http://vil.mcafee.com/dispVirus.asp?virus_k=99289&;
http://www.xtra.co.nz/help/0,,4128-544089,00.html#dlder


They contain nothing new, just the information from the various 
vuln-dev mails.


It appears to be installed by LimeWare Gnutella /
Grokster


and BonziBuddy and Net2Phone 
(http://www.clicktilluwin.com/clickpartners.htm)

under http://www.clicktilluwin.com/clickprivacyterms.htm, they admit to 
monitor URL's the user visits while the trojan is running (to trigger 
advertisements).

greetings,
 CyBot

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d-(+)@ s:- a-- C+++ UL+++ P-- L+>++ E- W+(++)>+++ N++ o K++ w !O !M
!V PS++ PE+ Y+ PGP t+ 5 X R>+ tv+ b+(+++) DI++ UF++ D++ G++ e h! r++ y+
------END GEEK CODE BLOCK------
Previous By Date Next
Previous By Thread Next

Current thread: