[Full-Disclosure] Heads up: Possible lsass worm in the wild

From: Feher Tamas (etomcat_at_freemail.hu)
Date: 04/30/04

  • Next message: Feher Tamas: "[Full-Disclosure] Heads up: Possible lsass worm in the wild"
    To: full-disclosure@lists.netsys.com
    Date: Fri, 30 Apr 2004 11:25:09 +0200 (CEST)
    
    

    Hello,

    > for those interested in a sample, it may be obtained at
    > http://exploit.nothackers.org/msiwin84-lsass.zip

    Kaspersky AV says: Agobot.GEN (heuristic match)
    Trend Micro AV says: WORM_AGOBOT.JF (exact match)

    Detailed description for this variant:
    "http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=58902&VName=WORM_AGOBOT.JF"

    BTW, Trend Micro says the Agobot (alias Gaobot/Phatbot) malware
    family has over 900 variants. F-Secure says there are 450 members.
    Anyhow, there are many subtle variants and Agobot is the most
    populous family ever. VXers willing, it may even reach Agobot.JFK some
    time...

    Sincerely: Tamas Feher.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

