Re: Remote Shell Trojan: Threat, Origin and the Solution
From: Patrick Andry (pandry@wolverinefreight.ca)Date: 09/10/01
- Previous message: John Campbell: "RE: Recent Increase in Port 139 Activity"
- Maybe in reply to: kai takashi: "Remote Shell Trojan: Threat, Origin and the Solution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B9CFAA0.2060409@wolverinefreight.ca> Date: Mon, 10 Sep 2001 13:38:40 -0400 From: Patrick Andry <pandry@wolverinefreight.ca> To: bugtraq@securityfocus.com Subject: Re: Remote Shell Trojan: Threat, Origin and the Solution
Kevin Gagel wrote:
>Has any expert c programers examined the c code to see if it actually
>does what the remarks say?
>I am suspicious of anything that is posted anonymously no matter how
>well it's documented. I
>don't know C well enough to tell if the documentation is accurately
>portraying what the code is
>really doing.
>
>If it's not then this a one very well crafted "socially engineered"
>virus...
>
The best I can tell, it isn't reading in any weird strings. The most it
looks like it's doing is removing parts of the file in 4k chunks.
Can anyone else verify this?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: John Campbell: "RE: Recent Increase in Port 139 Activity"
- Maybe in reply to: kai takashi: "Remote Shell Trojan: Threat, Origin and the Solution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
