Full Disclosure mailing list archives
Re: Subject: Some suspicious files
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 1 May 2004 11:27:18 -0700
sneaker
possibly a beta version of a connect back trojan. seems to be able to use a website to transfer information between the attacker and the infected machine.
appredir-username=some_irc_guy client version=sneaker_0.19 cmd-url=http://1337suxx0r.ath.cx:580/hack/sneaker/cmd.php=login-url=http://1337s uxx0r.ath.cx:580/hack/sneaker/login.php opfer-info=some_irc_guy /s7regkey={13371337-1337-1337-1337-133713371337} <SubSeven Startup Method (requires Config Setting "s7regkey") m.w _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Subject: Some suspicious files Marcel Krause (May 01)
- Re: Subject: Some suspicious files dila (May 01)
- Re: Subject: Some suspicious files morning_wood (May 01)
- Re: Subject: Some suspicious files Marcel Krause (May 01)
- Re: Subject: Some suspicious files dila (May 01)