
Re: [Full-Disclosure] win2kup2date.exe ?



VirusTotal identified it as another Rbot/SDBot. Good questions Barry -
things one should also do or answer when questioning what something
is.

-- 
Peace. ~G


On Thu, 2 Sep 2004 13:35:00 -0400, James Patterson Wicks
<pwicks@xxxxxxxxxx> wrote:
> French site
> (http://www.commentcamarche.net/forum/affich-975065-%5Balerte%5D-win2kup2date-exe-new-virus)
> said that he had a shutdown after 60 seconds,
> thought it was a Blaster variant.
> 
> Just passing on information.
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of bashis
> Sent: Thursday, September 02, 2004 9:33 AM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: [Full-Disclosure] win2kup2date.exe ?
> 
> Hi
> 
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
> 
> I did a controlled test with an XP Pro box w/o patches on Inet
> and this little thingy came on my testbox through some sort of RPC
> exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
> 
> McAfee Virusscan Enterprise v8.0i with latest DATs didn't find
> anything strange with this file..
> 
> That was actually my test, v8.0 of McAfee virusscan has a feature of
> "buffer overflow protection", it stopped the well-known public RPC/DCOM
> exploit, but not the exploit that put "win2kup2date.exe" on my
> testbox.
> 
> Well, so much for the new "buffer overflow protection" feature.. crap..
> ;)
> 
> Have a nice day
> /bashis
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
