[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-Disclosure] Heads up: Possible lsass worm in the wild
From: Feher Tamas <etomcat () freemail ! hu>
Date: 2004-04-30 9:25:09
Message-ID: freemail.20040330112509.27977 () fm12 ! freemail ! hu
[Download RAW message or body]
Hello,
> for those interested in a sample, it may be obtained at
> http://exploit.nothackers.org/msiwin84-lsass.zip
Kaspersky AV say: Agobot.GEN (heuristic match)
Trend Micro AV says: WORM_AGOBOT.JF (exact match)
Detailed description for this variant:
"http://uk.trendmicro-
europe.com/enterprise/security_info/ve_detail.php?
id=58902&VName=WORM_AGOBOT.JF"
BTW, Trend Micro says the Agobot (alias Gaobot/Phatbot) malware
family has over 900 variants. F-Secure says there are 450 members.
Anyhow, there are many subtle variants and Agobot is the most
populous family ever. VXers willing, it may even reach Agobot.JFK some
time...
Sincerely: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic