[8061] in bugtraq
"theipspoof.zip" is a trojan
daemon@ATHENA.MIT.EDU (Ken Williams)
Mon Sep 28 17:27:27 1998
Date: Mon, 28 Sep 1998 16:19:15 -0400
Reply-To: Ken Williams <jkwilli2@UNITY.NCSU.EDU>
From: Ken Williams <jkwilli2@UNITY.NCSU.EDU>
X-To: EChien@symantec.com, security@ntshop.net, ntsecurity@iss.net
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
"theipspoof.zip" is another Back Orifice trojan masquerading as a
"point & click, automagical IP spoofer". It is currently being
distributed on underground web sites and is billed as the latest
and greatest IP spoofing tool with a neato GUI.
/---------------\
| Brief Details |
\---------------/
file sizes
----------
theipspoof.zip  310229
Spoof.dmo       124928
IPSpoof.exe     64000

md5 checksums
-------------
MD5 (/tmp/theipspoof.zip) = 931e7e31a1e3b8ec0f519b5f846b1d31
MD5 (/tmp/Spoof.dmo) = ea44ad07faaf4352a7fda78d3a7d4563
MD5 (/tmp/IPSpoof.exe) = 4c2aa980adca9683f8e6fe23a89e53a6

trojan
------
Back Orifice with Butt Trumpet plugin.
i'm hungry. time for lunch.
Regards,
Ken Williams
Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
E.H.A.P. Corporation http://www.ehap.org/ ehap@ehap.org info@ehap.org
NCSU Comp Sci Dept http://www.csc.ncsu.edu/ jkwilli2@adm.csc.ncsu.edu
PGP DSS/DH/RSA Keys http://www.genocide2600.com/cgi-bin/finger?tattooman
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
-----END PGP SIGNATURE-----
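
Added example, not part of the original post: a defender-side check that walks a directory tree and reports any file whose size and MD5 both match the indicators listed in the advisory, looking inside ZIP archives as well so a renamed or repacked copy is still found. The names `ADVISORY` and `scan` and the `path!member` location format are assumptions of this sketch.

```python
import hashlib
import os
import zipfile

# Indicators copied from the advisory above: name -> (size in bytes, MD5).
ADVISORY = {
    "theipspoof.zip": (310229, "931e7e31a1e3b8ec0f519b5f846b1d31"),
    "Spoof.dmo": (124928, "ea44ad07faaf4352a7fda78d3a7d4563"),
    "IPSpoof.exe": (64000, "4c2aa980adca9683f8e6fe23a89e53a6"),
}

def _md5(stream):
    """MD5 of a binary stream, read in chunks."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()

def _label(size, opener, by_size):
    """Return the indicator name whose size and MD5 both match, else None."""
    candidates = by_size.get(size)
    if not candidates:
        return None          # size prefilter: skip hashing unrelated files
    with opener() as stream:
        return candidates.get(_md5(stream))

def scan(root, indicators=ADVISORY):
    """Return sorted (location, indicator name) pairs matched by size and MD5."""
    by_size = {}
    for name, (size, md5) in indicators.items():
        by_size.setdefault(size, {})[md5] = name
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                # File names are ignored on purpose: only content counts.
                hit = _label(os.path.getsize(path), lambda: open(path, "rb"), by_size)
                if hit:
                    hits.append((path, hit))
                if zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as archive:
                        for info in archive.infolist():
                            hit = _label(info.file_size, lambda: archive.open(info), by_size)
                            if hit:
                                hits.append((path + "!" + info.filename, hit))
            except (OSError, zipfile.BadZipFile, RuntimeError):
                continue     # unreadable, corrupt or encrypted: skip
    return sorted(hits)
```

A hit identifies these exact files only; a rebuilt or modified copy of the trojan will have a different size and MD5 and will not be reported.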