RE: Can anyone identify this backdoor?

From: Ian Webb (iwebbat_private)
Date: Sun Jul 21 2002 - 22:34:56 PDT


    The cmd.exe in cc.zip is the cmd.exe from NT4 SP6a. I just did a FC on a
    copy extracted from the Service Pack and it's exactly the same.
    
    -----Original Message-----
    From: Richard Bartlett [mailto:richardat_private] 
    Sent: Thursday, July 11, 2002 6:33 PM
    To: Matt Andreko; incidentsat_private
    Subject: RE: Can anyone identify this backdoor?
    
    Matt,
    
    I've done a quick analysis on this and come up with the following;
    
    <snip>
     C:\recycler\CMD.EXE (possibly genuine cmd.exe from a version of NT/2K/XP,
    source unknown)
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


