VirusTotal identified it as another Rbot/SDBot. Good questions, Barry - things one should also do or answer when questioning what something is.
--
Peace. ~G

On Thu, 2 Sep 2004 13:35:00 -0400, James Patterson Wicks <[EMAIL PROTECTED]> wrote:
> French site
> (http://www.commentcamarche.net/forum/affich-975065-%5Balerte%5D-win2kup2date-exe-new-virus)
> said that he had a shutdown after 60 seconds,
> thought it was a Blaster variant.
>
> Just passing on information.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of bashis
> Sent: Thursday, September 02, 2004 9:33 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] win2kup2date.exe ?
>
> Hi
>
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
>
> I did a controlled test with an XP Pro box w/o patches on Inet
> and this little thingy came on my testbox through some sort of RPC
> exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
>
> McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
> anything strange with this file..
>
> That was actually my test, v8.0 of McAfee virusscan has a feature of
> "buffer overflow protection", it stopped the well-known public RPC/DCOM
> exploit, but not the exploit that put "win2kup2date.exe" on my
> testbox.
>
> Well, so much for the new "buffer overflow protection" feature.. crap..
> ;)
>
> Have a nice day
> /bashis
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
