Re: Unusual registry entries

From: Brad (gryphonn_at_austarnet.com.au)
Date: 06/20/03

    To: btraquer@att.net, incidents@securityfocus.com
    Date: Fri, 20 Jun 2003 13:25:12 +1000

    On 19 Jun 2003 at 20:14, btraquer@att.net wrote:

    From: btraquer@att.net
    To: incidents@securityfocus.com
    Subject: Unusual registry entries
    Date sent: Thu, 19 Jun 2003 20:14:35 +0000

    > Today, while installing an app on a 98 box, we noticed that the user name and
    > organization that Windows was registered to was quite unusual. The registry
    > key, HKLM-->Software-->Microsoft-->Windows-->CurrentVersion showed the following:
    >
    > RegisteredOwner: Forger
    > RegisteredOrganization: RedTeam Art & Dev Lab
    >
    >
    > Have any of you ever seen or heard of anything like this before?
    >
    > A search on Google only brought up four hits when I searched for redteam
    > +forger. Had no luck using any other search. Found some light info about 2
    > viruses that had one or the other in the name, but couldn't find any definitive info
    > about either.

    Virus search results (minimal search):

    http://www.f-secure.com/v-descs/vcl.shtml
    http://www.avp.ch/avpve/newexe/windows/redteam.stm

    Note that besides the Redteam kit, the worm itself is rather old.

    How much do you know of the history of the box? The entries
    may have been there for a while.

    Cheers,
    Brad

    >
    > No unusual apps/processes "appear" to be installed/running and nothing unusual
    > appeared during a review of the system, but this is still very interesting...
    >
    > If you have any info about this it would be greatly appreciated!!
    >
    > Thanks!
    > Gene
    >
    > ----------------------------------------------------------------------------
    > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    > world's premier technical IT security event! 10 tracks, 15 training sessions,
    > 1,800 delegates from 30 nations including all of the top experts, from CSO's to
    > "underground" security specialists. See for yourself what the buzz is about!
    > Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    > ----------------------------------------------------------------------------
    >

    Gryphonn Design
    Custom Computers
    Anti-virus and Security services
    E: gryphonn@austarnet.com.au

    This message has a short disclaimer.
    It is designed to piss off those people
    who think 134 bytes of ASCII
    is a waste of bandwidth.
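A worked version of the check the thread is about, added here as an example; it is not code from Brad's or Gene's messages. It parses a REGEDIT4-format export (the text that `regedit /e` writes on a Windows 9x box) offline and compares RegisteredOwner and RegisteredOrganization under HKLM\Software\Microsoft\Windows\CurrentVersion with what the machine was supposed to be registered to. The two suspect strings are the ones Gene reported; the baseline owner and organization, every other key and value in the sample exports, and the EXPECTED table are constructed for the example.

```python
"""Triage a REGEDIT4 registry export for unexpected Windows registration values."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample exports in the text format `regedit /e` writes on Windows 9x.
# The two Registered* strings in SUSPECT_EXPORT are the ones reported in the
# thread; every other key and value, and all of BASELINE_EXPORT, is invented filler.
SUSPECT_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"ProgramFilesDir"="C:\\Program Files"
"RegisteredOwner"="Forger"
"RegisteredOrganization"="RedTeam Art & Dev Lab"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"""

BASELINE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"ProgramFilesDir"="C:\\Program Files"
"RegisteredOwner"="J. Doe"
"RegisteredOrganization"="Example Corp"
"""

# Assumed baseline: who the machine was supposed to be registered to.
EXPECTED = {"RegisteredOwner": "J. Doe", "RegisteredOrganization": "Example Corp"}

CURRENT_VERSION = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"

_SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"=<data>, or @=<data> for the key's default value
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s: str) -> str:
    """Drop the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for a REGEDIT4 export.

    Key paths are lower-cased so lookups are case-insensitive, as the registry
    is. Quoted string data is unescaped; hex:/dword: data is kept verbatim,
    which is enough for a triage pass over string values like the Registered* pair.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        sec = _SECTION_RE.match(line)
        if sec:
            current = sec.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = _VALUE_RE.match(line)
        if val and current is not None:
            name = "" if val.group(1) == "@" else _unquote(val.group(1))
            data = val.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unquote(data)
            keys[current][name] = data
    return keys


def check_registration(keys: Dict[str, Dict[str, str]],
                       expected: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Compare the Registered* values under CurrentVersion with the baseline.

    Returns one (value_name, found, expected) tuple per mismatch; a value that
    is absent altogether is reported as "<missing>".
    """
    values = keys.get(CURRENT_VERSION.lower(), {})
    findings = []
    for name, want in expected.items():
        got = values.get(name)
        if got != want:
            findings.append((name, "<missing>" if got is None else got, want))
    return findings


def changed_values(older: Dict[str, Dict[str, str]], newer: Dict[str, Dict[str, str]],
                   key: str = CURRENT_VERSION) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Values under `key` that differ between two exports, e.g. an old backup
    export and a fresh one. A .reg file carries no timestamps, so diffing
    successive exports is how to bracket when an entry appeared."""
    a, b = older.get(key.lower(), {}), newer.get(key.lower(), {})
    return {n: (a.get(n), b.get(n)) for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)}


if __name__ == "__main__":
    suspect = parse_reg(SUSPECT_EXPORT)
    for name, got, want in check_registration(suspect, EXPECTED):
        print(f"{name}: found {got!r}, expected {want!r}")
    for name, (old, new) in changed_values(parse_reg(BASELINE_EXPORT), suspect).items():
        print(f"changed since baseline: {name}: {old!r} -> {new!r}")
```

On the box itself, `regedit /e` produces the export to feed to `parse_reg`. A single export cannot answer Brad's question about how long the entries have been there, because the text format has no last-write times; `changed_values` is for diffing against an earlier export or backup, if one exists, to narrow down when the values changed.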
