[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] Heads up: Possible lsass worm in the wild
From:       Feher Tamas <etomcat () freemail ! hu>
Date:       2004-04-30 9:25:09
Message-ID: freemail.20040330112509.27977 () fm12 ! freemail ! hu
[Download RAW message or body]

Hello,

> for those interested in a sample, it may be obtained at
> http://exploit.nothackers.org/msiwin84-lsass.zip

Kaspersky AV say: Agobot.GEN (heuristic match)
Trend Micro AV says: WORM_AGOBOT.JF (exact match)

Detailed description for this variant:
"http://uk.trendmicro-
europe.com/enterprise/security_info/ve_detail.php?
id=58902&VName=WORM_AGOBOT.JF"

BTW, Trend Micro says the Agobot (alias Gaobot/Phatbot) malware 
family has over 900 variants. F-Secure says there are 450 members. 
Anyhow, there are many subtle variants and Agobot is the most 
populous family ever. VXers willing, it may even reach Agobot.JFK some 
time...

Sincerely: Tamas Feher.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]