"webmoney" trojan and COM interface analysis
From: Pierre Vandevenne (pierre@datarescue.com)
Date: 03/21/03
Date: Fri, 21 Mar 2003 00:56:03 +0100
From: Pierre Vandevenne <pierre@datarescue.com>
To: incidents@securityfocus.com
Hello incidents,
We have analyzed a trojan that was spammed on us early this week.
Not really big news in itself, as similar beasts are seen on a
regular basis, but since COM based hostile code is notoriously hard to
analyze statically, we have published some details that could help
other analysts facing similar trojans.
www.datarescue.com/idabase/greetings is the place. We have put a
basic text description of the trojan and documented our in-depth
analysis with a couple of IDA databases and their equivalent listings
in pure text mode.
--
Best regards,
Pierre mailto:pierre@datarescue.com
www.datarescue.com/idabase - home of the IDA Pro Disassembler
IDA Pro: the undisputed leader in hostile code analysis