TD wrote:

>- psexec.exe seems to be a remote tool...unknown...

This is the sysinternals.com psexec.exe, which is the piece of software that is used for remote execution when the SMB session on tcp/445 is established to a vulnerable PC.

Below is a link to the description of the tcp/445 mIRC trojan that popped up in August 2002 and was analyzed by Kyle Lai. The trojan you describe could be derived from that one; at least several files and the infection method appear to be common:

http://www.astalavista.com/trojans/library/trojans/analysis/mirc_trojan_analysis.shtml

Peter Jelver
eSec A/S

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 09:38:25 PST