Looks like HXDEF from http://rootkit.host.sk. The main part of the rootkit reads its configuration from rtkit.ini, where hidden regkeys, services and the hidden file prefix are defined. It's been packed with a few batch files to bench the speed of the compromised host, maybe in order to serve warez later. The backdoor it installs by default can only be accessed with a special client; the server side is waiting for a specially crafted ICMP packet on any listening port, I believe... AFAIK the code is based on IErk.sys, maybe something else.

Matt~

This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 13:43:44 PDT