root.exe scanner

From: w1re p4ir (w1rep4irat_private)
Date: Tue Aug 07 2001 - 20:03:04 PDT

Next message: Jason Haar: "Re: CR II - winME? confirmation? (Slightly OT)"

Previous message: Michael J. Cannon: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I also sent this message to incidents so sorry if you get it twice like I will ;). After seeing many posts on this "root.exe" backdoor, and encountering
it 3 times in the field I decided to write a script that scans from startip to
endip looking for root.exe in msadc/ and scripts/. It's not blazing fast but it
definitely gets the job done. Feel free to modify it as you see fit. Just email
me your modifications so i can see how you improved it and keep my name on it.
Enjoy,



________________________________________________________
The Best News Source On The Web - http://www.disinfo.com

application/octet-stream attachment: rootscanner.pl

Next message: Jason Haar: "Re: CR II - winME? confirmation? (Slightly OT)"
Previous message: Michael J. Cannon: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:52:37 PDT