[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] win2kup2date.exe ?
- To: mcw@xxxxxx
- Subject: Re: [Full-Disclosure] win2kup2date.exe ?
- From: Über GuidoZ <uberguidoz@xxxxxxxxx>
- Date: Thu, 2 Sep 2004 14:33:53 -0400
I believe someone else mentioned this site on this list (not sure),
but have you tried running it through www.VirusTotal.com? A nice place
for a quick 2nd opinion. If you want to email me a copy of it, I'll
rip it apart and see what can be seen.
P.S. Send it to guidoz@xxxxxxxxxx - it's my "catch all" for
virus/unknown files. Just be sure to ZIP it up or else the web host
won't let it through. Otherwise I have disabled all checks/scan.
Downloads directly to a secured Linux box.
--
Peace. ~G
On Thu, 2 Sep 2004 15:33:17 +0200 (CEST), bashis <mcw@xxxxxx> wrote:
> Hi
>
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
>
> I did a controlled test with a XP Pro box w/o patches on Inet
> and this little thingy came on my testbox thrue some sort of RPC exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
>
> McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
> any strange with this file..
>
> That was actually my test, v8.0 of McAfee virusscan have a future of
> "buffer overflow protection", it stopped the wellknown public RPC/DCOM
> exploit, but not the exploit that putted "win2kup2date.exe" on my testbox.
>
> Well, so mutch for the new "buffer overflow protection" future.. crap.. ;)
>
> Have a nice day
> /bashis
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html