[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: undetected stuff downloaded by pnp worm

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: undetected stuff downloaded by pnp worm
From: Feher Tamas <etomcat@xxxxxxxxxxx>
Date: Tue, 6 Sep 2005 12:50:06 +0200 (CEST)

Hello,

One of the files is an undoubted malware, called
"trojan.proxy.agent.gm"

The other, larger file is a modified version of the "Serv-U"
ftp program.

Some AV vendors refuse to detect this as a virus, because it
could be used for legitimate purposes.

Other vendors detect it either as Serv-U.something or an
IRC-hacktool or an "IstBar" related threat. The world of
malware naming is a real mess.

Regards, Tamas Feher.


_______________________________________________________________________
[freemail] extra 1GB-os postafiókkal, Önnek már van? http://freemail.hu


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Anyone noticing an increase in IOS HTTP scanning?
Next by Date: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
Previous by thread: [Full-disclosure] [USN-145-2] wget bug fix
Next by thread: [Full-disclosure] Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
Index(es):
- Date
- Thread