Kristian Hermansen wrote:
> I think I've seen this one before. Some keywords that come to mind are APRE
> (Advanced Port Redirection Engine), Assassin 2.0, and the site that hosts
> those files (forget the name). These guys code Trojans for $$$!!! But they
> also offer free tools to make Trojans and it looks like this one is using
> those tools by what you described (especially when attaching to IE process,
> which is its default option to bypass Application Protection!!!). The app
> protection would catch it if it were utilizing MD5 versus file names
> (dumb)...

From what I understand, it injects itself into the running process, not the executable, so checking MD5 hashes would yield nothing in this case.

> APRE tool: http://www.megasecurity.org/trojans/a/apre/Apre1.0.html
> Trojans for $$$ website: ?????

www.evileyesoftware.com.

Kind Regards,
Chris Rose

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
