Unusual registry entries

btraquer_at_att.net
Date: 06/19/03

  • Next message: James C. Slora, Jr.: "RE: sdbot variant and WS 55808 activity" 
    To: incidents@securityfocus.com
Date: Thu, 19 Jun 2003 20:14:35 +0000

    Today, while installing an app on a 98 box, we noticed that the user name and
    organization that Windows was registered to was quite unusual. The registry
    key, HKLM-->Software-->Microsoft-->Windows-->CurrentVersion showed the following:

    RegisteredOwner: Forger
    RegisteredOrganization: RedTeam Art & Dev Lab

    Have any of you ever seen or heard of anything like this before?

    A search on Google only brought up four hits when I searched for redteam
    +forger. Had no luck using any other search. Found some light info about 2
    viruses that had one or the other in the name, but couldn't any definitive info
    about either.

    No unusual apps/processess "appear" to be installed/running and nothing unusual
    appeared during a review of the system, but this is still very interesting...

    If you have any info about this it would be greatly appreciated!!

    Thanks!
    Gene

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: James C. Slora, Jr.: "RE: sdbot variant and WS 55808 activity"