On Thu, 2 Sep 2004 10:16:30 -0400, S.A. Birl wrote:
>Does anyone know how it infects?
Primarily via the LSASS exploit over port 445, but variants have been
seen with the following additional exploits/password brute-force
spreading modules:
WebDav
Lsass135
Lsass1025
NetBios
NTPass
Dcom135
Dcom44
So rename it to a txt file. Just let everyone know. Or zip it maybe.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of S.A. Birl
Sent: Thursday, September 02, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Microsoft Update Loader
(Un)Fortunately, I am not allowed to distribute the exe.
Does anyone know how it infects?
On Sep 1, Harlan Carvey ([EMAIL PROTECTED]) typed:
FD: Where in the Registry did you find it? Which key(s)?
FD: What about this makes you think it's a Trojan? Did
FD: you run fport/openports and fin
> google came back with a forum to do with sdbot; however, the file was
> listed as "Morphine".
Morphine is not a virus or malware in itself, it's a tool for PE binary
encryption, self-decrypting on execution. It actually places the whole
source image into the .data section of a newly produced
You can run it through http://www.virustotal.com and see if it catches anything.
J
S.A. Birl wrote:
Hello all:
Recently discovered a trojan(? - possibly a virus) called msrtwd.exe.
It's listed in the Registry as "Microsoft Update Loader"
Does anyone know anything about this? Google doesn't offer much.
T
> Recently discovered a trojan(? - possibly a virus)
> called msrtwd.exe.
> It's listed in the Registry as "Microsoft Update
> Loader"
>
> Does anyone know anything about this? Google
> doesn't offer much.
Where in the Registry did you find it? Which key(s)?
What about this makes you think it
google came back with a forum to do with sdbot; however, the file was
listed as "Morphine".
I saw a copy of one of the recent worms which had generated a very
large number of exe's which all had previously uncaptured names.
If it's not being picked up by your virus scanner, send it to their
team,
On Wed, 1 Sep 2004 15:08:56, Scott Birl wrote:
> Recently discovered a trojan(? - possibly a virus) called msrtwd.exe.
> It's listed in the Registry as "Microsoft Update Loader"
>
> Does anyone know anything about this? Google doesn't offer much.
We saw an Rbot variant spreading on August 23 with
Hello all:
Recently discovered a trojan(? - possibly a virus) called msrtwd.exe.
It's listed in the Registry as "Microsoft Update Loader"
Does anyone know anything about this? Google doesn't offer much.
Thanks
Scott Birl http://concept.temple.edu/sysadmin/
Senio
, 2004 2:09 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Microsoft Update Loader msrtwd.exe
Hello all:
Recently discovered a trojan(? - possibly a virus) called msrtwd.exe.
It's listed in the Registry as "Microsoft Update Loader"
Does anyone know anything about this? Goog