Re: [Full-Disclosure] another new worm submission

From: Christoph Gruber (christoph.gruber_at_wave-solutions.com)
Date: 06/07/04

  • Next message: http-equiv_at_excite.com: "[Full-Disclosure] TREND MICRO: The Protector Becomes The Vector Take II"
    To: "Perrymon, Josh L." <PerrymonJ@bek.com>
    Date: Mon, 7 Jun 2004 14:06:21 +0200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Josh wrote 04.06.2004 21:11:26:

    > http://www.detroit-x.com/analysis.htm
    >
    > This is something we found this morning. I have packet captures
    > that I will post.
    > I have attached the infected files found with FPORT and also
    > registry entries.
    >
    > We found this rebooting machines with the LSASS.exe error similar
    > to Sasser. As of 6/4/2004 we found no virus defs to pick it up.
    >
    >
    > Joshua Perrymon
    > Sr. Network Security Consultant

    Hi there!

    There is another Registry-entry:

    Cheers!

    - --
    Christoph Gruber, Senior Security Architect
    WAVE Solutions Information Technology GmbH
    Nordbergstrasse 13, A - 1090 Wien, Austria
    christoph.gruber@wave-solutions.com
    Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
    PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C 558E D42B

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQMRaFkNayFxVjtQrEQKmYwCg4ufJbS1o/5/C73FUSzBQ+D77OXsAoMLD
    82mFBEHVI5D0bGtwTIoLQx9G
    =SKaL
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

