Re: NetDevil - ADVAPI
From: bclay (bclay_at_discussions.microsoft.com)
Date: 01/22/05
Date: Fri, 21 Jan 2005 16:59:04 -0800
"Ian Kenefick" wrote:
> On Fri, 21 Jan 2005 15:53:03 -0800, "bclay"
> <bclay@discussions.microsoft.com> wrote:
>
> >Every reference with a Google search for ADVAPI came up with the Netdevil
> >virus. A subsequent Technet search found one hit - apparently ADVAPI is a
> >Kerberos component in AD.
> >
> >The massive logon attempts, still disconcerting.
>
> The massive login attempts are explained by the fact that netdevil is
> a RAT - Remote Access Trojan. Can you capture a sample and send for
> analysis to your AV vendor? If you can, do this! - and for an instant
> analysis send it to scan[at]virustotal.com with subject line 'SCAN'
> without the inverted commas (replace [at] with @).
>
> Post back with results!
>
> Regards,
> Ian Kenefick
> http://www.IK-CS.com
>
Questions-
1. You said RAT - is this an external trojan attempting to log on via web
services?
2. Capture a sample - do you mean a capture of the public traffic to this
server during logon attempts?
thx-