I believe someone else mentioned this site on this list (not sure), but have you tried running it through www.VirusTotal.com? A nice place for a quick 2nd opinion. If you want to email me a copy of it, I'll rip it apart and see what can be seen.
P.S. Send it to [EMAIL PROTECTED] - it's my "catch all" for virus/unknown files. Just be sure to ZIP it up or else the web host won't let it through. Otherwise I have disabled all checks/scan. Downloads directly to a secured Linux box.

--
Peace. ~G

On Thu, 2 Sep 2004 15:33:17 +0200 (CEST), bashis <[EMAIL PROTECTED]> wrote:
> Hi
>
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
>
> I did a controlled test with an XP Pro box w/o patches on Inet
> and this little thingy came on my testbox through some sort of RPC exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
>
> McAfee VirusScan Enterprise v8.0i with latest DATs didn't find
> anything strange with this file..
>
> That was actually my test, v8.0 of McAfee VirusScan has a feature of
> "buffer overflow protection", it stopped the well-known public RPC/DCOM
> exploit, but not the exploit that put "win2kup2date.exe" on my testbox.
>
> Well, so much for the new "buffer overflow protection" feature.. crap.. ;)
>
> Have a nice day
> /bashis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
