Forgive the cross-posting, but I think this *may* merit it. WinPCap is a packet capture driver/architecture for Windows platform, allowing Windows users to do such things as run NMapNT, the NT port of Nmap. Upon scanning a file archive on one of my pen testing laptops, using the latest updated version of The Cleaner (a trojan AV product from MooSoft), The Cleaner reports that versions 2.01, 2.1, 2.2, and 2.3 beta, along with the Developer Pack of WinPCap are all infected with or contain the WinRAT (aka Windows Remote Administration Toolkit) client/server trojan. I "tested" this further by re-downloading the WinPCap files from the original website, located at: http://netgroup-serv.polito.it/winpcap/install/default.htm All files downloaded from this location scanned by The Cleaner are reported as containing WinRAT. I have sent copies of these files to MooSoft asking if they can verify this, and I have emailed the authors of WinPCap as well. That was 3 days ago. McAfee VirusScan 4.51 and 6, both with latest DATs (4186) do not find anything. I do not have access currently to Norton or Trend or another AV product. I also cannot find any helpful information about the WinRAT trojan online (MooSoft's description contains absolutely NO information regarding this trojan other than listing it - see http://www.moosoft.com/winrat.php). I have not yet heard back from WinPCap authors, nor MooSoft. Therefore, I would like to ask if anyone else can verify or disprove this "finding". __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com
This archive was generated by hypermail 2b30 : Sat Feb 16 2002 - 09:17:52 PST