On 19 Jun 2003 at 20:14, btraquerat_private wrote: From: btraquerat_private To: incidentsat_private Subject: Unusual registry entries Date sent: Thu, 19 Jun 2003 20:14:35 +0000 > Today, while installing an app on a 98 box, we noticed that the user name and > organization that Windows was registered to was quite unusual. The registry > key, HKLM-->Software-->Microsoft-->Windows-->CurrentVersion showed the following: > > RegisteredOwner: Forger > RegisteredOrganization: RedTeam Art & Dev Lab > > > Have any of you ever seen or heard of anything like this before? > > A search on Google only brought up four hits when I searched for redteam > +forger. Had no luck using any other search. Found some light info about 2 > viruses that had one or the other in the name, but couldn't any definitive info > about either. Virus search results (minimal search): http://www.f-secure.com/v-descs/vcl.shtml http://www.avp.ch/avpve/newexe/windows/redteam.stm Note that besides the Redteam kit, the worm itself is rather old. How much do you know of the history of the box, because the entries may have been there for a while. Cheers, Brad > > No unusual apps/processess "appear" to be installed/running and nothing unusual > appeared during a review of the system, but this is still very interesting... > > If you have any info about this it would be greatly appreciated!! > > Thanks! > Gene > > ---------------------------------------------------------------------------- > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the > world's premier technical IT security event! 10 tracks, 15 training sessions, > 1,800 delegates from 30 nations including all of the top experts, from CSO's to > "underground" security specialists. See for yourself what the buzz is about! > Early-bird registration ends July 3. This event will sell out. www.blackhat.com > ---------------------------------------------------------------------------- > Gryphonn Design Custom Computers Anti-virus and Security services E: gryphonnat_private This message has a short disclaimer. It is designed to piss off those people who think 134 bytes of ASCII is a waste of bandwidth. ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Jun 21 2003 - 11:44:36 PDT