[35297] in bugtraq
RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
daemon@ATHENA.MIT.EDU (Drew Copley)
Tue Jun 15 01:51:41 2004
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Mon, 14 Jun 2004 10:47:14 -0700
Message-ID: <FCAD9F541A8E8A44881527A6792F892C10CD9E@owa.eeye.com>
From: "Drew Copley" <dcopley@eEye.com>
To: "Rusty Chiles" <rustychiles@cox.net>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
> -----Original Message-----
> From: Rusty Chiles [mailto:rustychiles@cox.net]
> Sent: Thursday, June 03, 2004 3:35 PM
> To: bugtraq@securityfocus.com
> Subject: New IRC Trojan -Symantec and Trend Micro Unable To
> Stop Infection
>
> It seems that a new trojan is making the rounds on irc.
> Nobody else seems to have figured it out yet, as there is no antivirus
> pattern out.
<snip>
getRealShell -> http://62.131.86.111/analysis.htm
Looks like straight from the aforementioned zero day spyware installer
in the wild.
This is pretty fast modification of the worm considering the spyware
distributor likely did not do this.
In fact, one is googled:
http://www.google.com/search?hl=en&ie=UTF-8&q=getRealShell&btnG=Google+S
earch
Here's a free fix which I made ten months ago for the adodb issue which
this and other vulnerabilities have used since then, re-released:
http://www.eeye.com/html/research/alerts/AL20040610.html
