[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] What is this

To: <trains@xxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] What is this
From: "Peter Kruse" <kruse@xxxxxxxxxxxxxxxx>
Date: Mon, 8 Aug 2005 22:02:50 +0200

Hi,

> It is an MS-EXE executable program.  Anti virus doesn't find 
> it because it is not an virus.  Spybot for the same reason.  
> To block these you need an smtp policy that does not allow 
> executable attachments to incoming emails.

As a matter of fact this is a new sdbot variant. 

It does pretty much the same as any other sdbot variant outthere: It allows
the author of the code and others to control the infected host.

Kind regards
Peter Kruse



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] What is this
  - From: trains

Prev by Date: Re: [Full-disclosure] What is this
Next by Date: [Full-disclosure] UNICODE For Windows XP Password Strings (Keyboard or other Character Entry Method)
Previous by thread: Re: [Full-disclosure] What is this
Next by thread: Re: [Full-disclosure] What is this
Index(es):
- Date
- Thread