SV: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box
- To: "'Petr Stetiar'" <ynezz@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: SV: [Full-Disclosure] [TROJAN Win32] Can't identify trojan found on Win98SE box
- From: "Peter Kruse" <kruse@xxxxxxxxxxxxxxxx>
- Date: Sun, 14 Sep 2003 22:39:03 +0200
Hi Petr,
The code provided is a variant of Optix backdoor. A typical RAT that
would allow a malicious user to gain access to your system.
You should be able to search Google, or whatever search engine you
choose, for Optix+backdoor. This will give you several hits ;-)
Med venlig hilsen // Kind regards
Peter Kruse
Kruse Security
http://www.krusesecurity.dk
> -----Original message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On behalf of
> Petr Stetiar
> Sent: 14 September 2003 21:57
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: [Full-Disclosure] [TROJAN Win32] Can't identify trojan
> found on Win98SE box
>
>
> Hi ALL,
>
> I've found one trojan horse or whatever it is on one Win98SE
> box today. I tried to find some info about it on Google but
> didn't find anything.
>
> This file was found in the C:\Windows\System directory.
> There were 2 files unknown to me actually: msi2xec16.exe and
> mpldfg.exe (both same size and content, verified by MD5)
>
> You can download this file here:
>
> http://takjo.net/mpldfg.exe-
>
> win.ini
> ----------cut--------------
> run=C:\WINDOWS\SYSTEM\MSI2XEC16.EXE
> ----------cut--------------
>
> The same path was also found in the registry under the RUN key; if someone wants
> the full key I can post it later.
>
> I'm just curious what kind of trojan it is, because I don't have
> motivation to do anything on an m$ powered "OS", but maybe someone...
>
> Cheers,
> Petr
> --
>   (__)    --------------------------+------------------------------------------`
>   (@@)    ynezz[at]hysteria[dot]sk  | Customer: "I'm running WindowsXP SP39g"   |
>  /----\/  - * - * - * - * - * - * - | Tech: "Yes"                               |
> / |  ||   irc://ynezz@ircnet        | Customer: "My computer isn't working now" |
> *  ||-||  icq: 923432434            | Tech: "Yes, you said that"                |
>   ^^ ^^   ----------------------------+------------------------------------------'
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
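The indicators the thread turns on (a `run=` line in win.ini, the same path under the registry Run key, and two files that the poster found byte-identical by MD5) are the kind of thing a responder checks with a short script rather than by hand. The following is an added example, not code from either poster: it parses the `[windows]` section of a win.ini file for `run=`/`load=` programs and groups files in a directory by content hash so that renamed copies of one binary show up together. The win.ini text and the three placeholder files written to a temporary directory are constructed for the demo; the registry Run key is not touched because the page gives only its name.

```python
"""Check the Win9x win.ini autostart point named in the thread and spot
byte-identical copies of a suspect binary.

Added example, not code from the mailing-list thread: parses the
[windows] section of a win.ini file for run=/load= programs and groups
files by content hash, the check the poster did by hand with MD5.
"""
import hashlib
import os
import re
import tempfile

# Constructed win.ini text modelled on the poster's snippet; not a real capture.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\MSI2XEC16.EXE
NullPort=None

[fonts]
"""


def parse_autostart_entries(ini_text):
    """Return [(key, program), ...] for run=/load= values in [windows].

    Win9x separates several programs with spaces or commas, so a path
    containing spaces is split here too; 8.3 names like the poster's
    entry do not have that problem.
    """
    entries = []
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ("run", "load") and value:
            entries.extend((key.lower(), prog)
                           for prog in re.split(r"[,\s]+", value) if prog)
    return entries


def hash_file(path, algo="sha256"):
    """Stream a file through a hash; pass algo="md5" to compare with an
    older report that used MD5, as the poster did."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_duplicates(paths):
    """Map content hash -> sorted paths, keeping only hashes shared by 2+ files."""
    groups = {}
    for path in paths:
        groups.setdefault(hash_file(path), []).append(path)
    return {h: sorted(files) for h, files in groups.items() if len(files) > 1}


def duplicate_name_groups(directory):
    """Sorted list of sorted basename groups that are byte-identical in directory."""
    paths = [os.path.join(directory, name) for name in os.listdir(directory)
             if os.path.isfile(os.path.join(directory, name))]
    return sorted(sorted(os.path.basename(p) for p in files)
                  for files in group_duplicates(paths).values())


def build_demo_dir():
    """Create a temp directory holding two identical and one different
    placeholder file (harmless constructed bytes standing in for the
    poster's two samples)."""
    directory = tempfile.mkdtemp(prefix="win9x-demo-")
    same = b"placeholder bytes, constructed for the demo\n" * 4
    for name, data in (("msi2xec16.exe", same), ("mpldfg.exe", same),
                       ("notepad.exe", b"different placeholder content\n")):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return directory


if __name__ == "__main__":
    for key, prog in parse_autostart_entries(SAMPLE_WIN_INI):
        print(f"win.ini {key}= starts {prog}")
    for group in duplicate_name_groups(build_demo_dir()):
        print("byte-identical copies:", ", ".join(group))
```

On a real box you would point `parse_autostart_entries` at the contents of `C:\WINDOWS\WIN.INI` and `duplicate_name_groups` at `C:\WINDOWS\SYSTEM`; anything started from `run=`/`load=` that also has a same-hash twin under another name is worth pulling for analysis, exactly the pattern the poster reported.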