Re: [Full-Disclosure] New backdoor program in the wild
- To: <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] New backdoor program in the wild
- From: "Chris Rose" <chris.rose@dsl.pipex.com>
- Date: Sun, 23 Nov 2003 20:36:40 -0000
Kristian Hermansen wrote:
> I think I've seen this one before. Some keywords that come to mind are APRE
> (Advanced Port Redirection Engine), Assassin 2.0, and the site that hosts
> those files (forget the name). These guys code Trojans for $$$!!! But they
> also offer free tools to make Trojans and it looks like this one is using
> those tools by what you described (especially when attaching to IE process,
> which is its default option to bypass Application Protection!!!). The app
> protection would catch it if it were utilizing MD5 versus file names
> (dumb)...
From what I understand, it injects itself into the running process, not the
executable, so checking MD5 hashes would yield nothing in this case.
> APRE tool: http://www.megasecurity.org/trojans/a/apre/Apre1.0.html
> Trojans for $$$ website: ?????
www.evileyesoftware.com.
Kind Regards,
Chris Rose
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
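
Added example, not part of the original message or of any tool named in the thread: a small model of three application-protection policies evaluated over constructed process snapshots, covering the file-name check, the MD5 check and the injection case discussed above. The process names, byte strings, the module-baseline policy and the assumption that the injected code shows up as a loaded module are all illustrative.

```python
import hashlib
from dataclasses import dataclass, field

def md5(data: bytes) -> str:
    # MD5 is used only because the thread names it; any file hash behaves the same here.
    return hashlib.md5(data).hexdigest()

# Constructed sample data standing in for files on disk and modules in memory.
IE_IMAGE = b"constructed iexplore.exe image"
TROJAN_IMAGE = b"constructed trojan image"
KNOWN_DLL = b"constructed system dll"
INJECTED_DLL = b"constructed injected module"

ALLOWED_NAMES = {"iexplore.exe"}                        # policy 1: file name
ALLOWED_IMAGE_MD5 = {md5(IE_IMAGE)}                     # policy 2: hash of executable
BASELINE_MODULE_MD5 = {md5(IE_IMAGE), md5(KNOWN_DLL)}   # policy 3: hypothetical module baseline

@dataclass
class Process:
    name: str
    image: bytes                                  # executable as stored on disk
    modules: list = field(default_factory=list)   # modules mapped into the running process

def allow_by_name(p: Process) -> bool:
    return p.name.lower() in ALLOWED_NAMES

def allow_by_image_md5(p: Process) -> bool:
    return md5(p.image) in ALLOWED_IMAGE_MD5

def allow_by_module_baseline(p: Process) -> bool:
    # Every module loaded in the process must be in the known-good baseline.
    loaded = {md5(p.image)} | {md5(m) for m in p.modules}
    return allow_by_image_md5(p) and loaded <= BASELINE_MODULE_MD5

def evaluate(p: Process) -> tuple:
    return (allow_by_name(p), allow_by_image_md5(p), allow_by_module_baseline(p))

CLEAN = Process("iexplore.exe", IE_IMAGE, [KNOWN_DLL])
RENAMED = Process("iexplore.exe", TROJAN_IMAGE)                    # trojan using a trusted name
INJECTED = Process("iexplore.exe", IE_IMAGE, [KNOWN_DLL, INJECTED_DLL])

if __name__ == "__main__":
    for label, proc in (("clean", CLEAN), ("renamed", RENAMED), ("injected", INJECTED)):
        print(label, dict(zip(("name", "image_md5", "modules"), evaluate(proc))))
```

The module baseline only catches injection that appears as a mapped module; code written directly into the process's memory would require inspecting memory rather than the module list.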