Michael Thompson <mikeat_private> wrote:

> lsass.exe is the Microsoft Secure Storage for 2000/NT and XP. It is
> responsible for managing secure storage in those environments.

Even when it is being scripted via an old IIS exploit to be copied around the Internet? Even when it is only about 9KB and the one in Win2K SP3 is 33,552 bytes?

Come on -- a rudimentary analysis of the situation without even seeing the file suggests that is not the case _here_.

Then, when you look at the file that is being rcp-ed around, the first thing you notice is that it is UPX packed -- again, something MS is not renowned for doing to its core OS components but something commonly done to obfuscate malware from casual analysis...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 08:21:13 PDT