Vulnerability Development mailing list archives
Re: The Cleaner reports WinPCap contains WinRAT trojan
From: "Ryan Verner" <xfesty () computeraddictions com au>
Date: Sun, 17 Feb 2002 03:49:52 +1030
My guess is that the trojan may use code from WinPCap, rather than the other way around.

- xfesty

--=--
:: Ryan Verner :: xfesty/irc.whackpack.com ::
:: ICQ :: 76626240 ::
:: <festy () 2xstreams com> ::
:: <xfesty () whackpack com> ::
:: "I'm stuck in this dream; its changing me. I am becoming." ::

----- Original Message -----
From: "dumbwabbit" <dumbwabbit () yahoo com>
To: <vuln-dev () securityfocus com>; <focus-virus () securityfocus com>; <security-basics () securityfocus com>
Sent: Sunday, February 17, 2002 12:35 AM
Subject: The Cleaner reports WinPCap contains WinRAT trojan

| Forgive the cross-posting, but I think this *may*
| merit it.
|
| WinPCap is a packet capture driver/architecture for
| Windows platform, allowing Windows users to do such
| things as run NMapNT, the NT port of Nmap.
|
| Upon scanning a file archive on one of my pen testing
| laptops, using the latest updated version of The
| Cleaner (a trojan AV product from MooSoft), The
| Cleaner reports that versions 2.01, 2.1, 2.2, and 2.3
| beta, along with the Developer Pack of WinPCap are all
| infected with or contain the WinRAT (aka Windows
| Remote Administration Toolkit) client/server trojan. I
| "tested" this further by re-downloading the WinPCap
| files from the original website, located at:
| http://netgroup-serv.polito.it/winpcap/install/default.htm
| All files downloaded from this location scanned by The
| Cleaner are reported as containing WinRAT.
|
| I have sent copies of these files to MooSoft asking if
| they can verify this, and I have emailed the authors
| of WinPCap as well. That was 3 days ago.
|
| McAfee VirusScan 4.51 and 6, both with latest DATs
| (4186) do not find anything.
| I do not have access currently to Norton or Trend or
| another AV product.
| I also cannot find any helpful information about the
| WinRAT trojan online (MooSoft's description contains
| absolutely NO information regarding this trojan other
| than listing it - see
| http://www.moosoft.com/winrat.php).
|
| I have not yet heard back from WinPCap authors, nor
| MooSoft. Therefore, I would like to ask if anyone else
| can verify or disprove this "finding".