Full Disclosure mailing list archives
RE: What is this
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Mon, 8 Aug 2005 22:02:50 +0200
Hi,
It is an MS-EXE executable program. Anti virus doesn't find it because it is not an virus. Spybot for the same reason. To block these you need an smtp policy that does not allow executable attachments to incoming emails.
As a matter of fact this is a new sdbot variant. It does pretty much the same as any other sdbot variant outthere: It allows the author of the code and others to control the infected host. Kind regards Peter Kruse _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- What is this Armando Rogerio Brandão Guimaraes Junior (Aug 08)
- Re: What is this trains (Aug 08)
- Re: What is this Michael Hale (Aug 08)
- Re: What is this Ron (Aug 08)
- RE: What is this Peter Kruse (Aug 08)
- Re: What is this Michael Hale (Aug 08)
- Re: What is this Jeremy (Aug 08)
- RE: What is this Aditya Deshmukh (Aug 08)
- <Possible follow-ups>
- RE: What is this Armando Rogerio Brandão Guimaraes Junior (Aug 08)
- Re: What is this Feher Tamas (Aug 09)
- Re: What is this trains (Aug 08)