Clicktilluwin DLDER Trojan

From: jon@kirkbrideonline.com
Date: 12/31/01


Date: 31 Dec 2001 15:04:15 -0000
From: <jon@kirkbrideonline.com>
To: vuln-dev@securityfocus.com



In-Reply-To: <20011230032402.5229.qmail@mail.securityfocus.com>

I found this vulnerability in the latest Limewire 2.0.2
gnutella client download. This crap gets installed
whether you like it or not. On my WinXP machine, it
was running a new service called bargains.exe that
was located in c:\program files\bargain buddy. The
dlder.exe file resides in C:\windows. I deleted the files
before I looked at their content but there appeared to
be some DB type files in the folder. Norton's latest
pattern files (12/29) will detect the dlder.exe file but
there's no info on their website about it yet. Anyone
have a handle on what this thing is doing?


