On Thu, 3 Jan 2002, ByteRage wrote: > hmm it seems more thorough analysis has already been > performed by AV researchers : > > http://www.symantec.com/avcenter/venc/data/w32.dlder.trojan.html > http://www.europe.f-secure.com/v-descs/dlder.shtml > http://vil.mcafee.com/dispVirus.asp?virus_k=99289& > http://www.xtra.co.nz/help/0,,4128-544089,00.html#dlder They contain nothing new, just the information from the various vuln-dev mails. > It appears to be installed by LimeWare Gnutella / > Grokster and BonziBuddy and Net2Phone (http://www.clicktilluwin.com/clickpartners.htm) under http://www.clicktilluwin.com/clickprivacyterms.htm, they admit to monitor URL's the user visits while the trojan is running (to trigger advertisements). greetings, CyBot -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d-(+)@ s:- a-- C+++ UL+++ P-- L+>++ E- W+(++)>+++ N++ o K++ w !O !M !V PS++ PE+ Y+ PGP t+ 5 X R>+ tv+ b+(+++) DI++ UF++ D++ G++ e h! r++ y+ ------END GEEK CODE BLOCK------
This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 14:34:22 PST