[31134] in bugtraq

rpc sdbot

daemon@ATHENA.MIT.EDU (Daniel Otis-Vigil)
Wed Aug 13 13:20:41 2003

Message-Id: <5.2.1.1.2.20030813110012.02b02430@moosoft.com>
Date: Wed, 13 Aug 2003 11:04:25 -0600
To: bugtraq@securityfocus.org
From: Daniel Otis-Vigil <dvigil@moosoft.com>
Mime-Version: 1.0
Content-Type: text/plain; x-avg-checked=avg-ok-32271344; charset=us-ascii; format=flowed

This sdbot variant has been spreading around Undernet and is a combination 
of the msblast worm, sdbot and spybot.  It installs as a service and 
triggers WFP which I think was a mistake.  Termination of the process 
causes an immediate reboot.

Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip
password is: infected

Daniel Otis-Vigil
MooSoft Development LLC
http://www.moosoft.com/thecleaner

