[13079] in bugtraq

Re: Warning to bugtraq posters.

daemon@ATHENA.MIT.EDU (Steven Alexander)
Thu Dec 23 14:37:33 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <000901bf4c9d$42fbadf0$0100007f@localhost.cell2000.net>
Date:         Wed, 22 Dec 1999 08:54:48 -0800
Reply-To: Steven Alexander <steve@cell2000.net>
From: Steven Alexander <steve@CELL2000.NET>
X-To:         aleph1@UNDERGROUND.ORG
To: BUGTRAQ@SECURITYFOCUS.COM

It appears that the file I received installs a new goal.exe in C:\Winnt
which is set to run on startup.  Disassembly of the file reveals that it
gathers information about my machine from the registry and attempts to
recover my Netscape password from prefs.js.  It then emails the information
to mike@aol.com.  I will post a disassembly of both files on my website
http://www.cell2000.net/security/

-steven alexander
