I have seen a little of this worm/trojan as well... same IP, Unreal v3.2 IRC
server.
I am leaning to the same conclusion as Josh. Note: I said leaning, not
completely convinced. I have seen in the IRC traffic some references to
lsass, including what I think might be the command-line to instruct
Then why not find a friend in Germany and pretend to plan a biological
attack?
See how un-monitored and private it is then-:)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 12:25 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
New York City Security Shindig 2
Security Shindigs are ways for technical people in the Information
Security
industry to get together, view an informative technical presentation, and
otherwise have a good time.
Date/Time: Monday June 14th, 6pm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 514-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 4th, 2004
__
Integrigy Security Alert
__
Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities
June 3, 2004
I am out of office until 10th of June, please be patient
with the email correspondence to catch up.
derek holzer
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
###
Luigi Auriemma
Application: Colin McRae Rally 04
http://www.codemasters.com/colinmcraerally04/
Versions: 1.0
Platforms: Windows
Bug: bad allocation (?)
Risk:
http://www.detroit-x.com/analysis.htm
This is something we found this morning. I have packet captures that I will
post.
I have attached the infected files found with FPORT and also registry
entries.
We found this rebooting machines with the LSASS.exe error similar to Sasser.
As of 6/4/2004 we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All versions of l2tpd contain a bss-based buffer overflow. After
circumventing some minor obstacles (i.e., faking a L2TP tunnel
establishment) the overflow can be triggered by sending a specially
crafted packet.
The crucial code can be found in write_packet() in control.c:
static unsigned
Perrymon, Josh L. wrote:
http://www.detroit-x.com/analysis.htm
This is something we found this morning. I have packet captures that I will
post.
I have attached the infected files found with FPORT and also registry
entries.
We found this rebooting machines with the LSASS.exe error similar to
--On Friday, June 04, 2004 03:55:05 PM -0500 insecure
[EMAIL PROTECTED] wrote:
McAfee 7.1.0 with DAT 4364 (6/2/04) detects it as BackDoor-CCT. This is
not a worm, it's a trojan. Your systems are being remotely compromised,
possibly with an auto-rooter targeting the lsass vulnerability, which
--__--__--
Message: 21
Date: Fri, 04 Jun 2004 00:08:23 +0200
From: Axel Pettinger [EMAIL PROTECTED]
Organization: API
To: Perrymon, Josh L. [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] anyone seen this worm/trojan before?
Perrymon, Josh L. wrote:
I found this worm/
~~
Cyrillium Security Advisory CYSA-0329 [EMAIL PROTECTED]
http://www.cyrillium.com/ Cyrillium Security Solutions and Services
April 29th, 2004
Paul Schmehl wrote:
--On Friday, June 04, 2004 03:55:05 PM -0500 insecure
[EMAIL PROTECTED] wrote:
McAfee 7.1.0 with DAT 4364 (6/2/04) detects it as BackDoor-CCT. This is
not a worm, it's a trojan. Your systems are being remotely compromised,
possibly with an auto-rooter targeting the lsass
Anyone know anyone at weather.com?
Then why not find a friend in Germany and pretend to plan a biological
attack?
See how un-monitored and private it is then-:)
worth a try for security's sake? yes!