was done in the middle of the thread with TDS-3
Originally posted by diehrd
Do a scan for a trojan horse.
Originally posted by Spinal
Win Init
http://www.sophos.com/virusinfo/analyses/w32agobotbd.html
W32/Agobot-BD Worm
W32/Agobot-BD is an IRC backdoor Trojan and network worm.
W32/Agobot-BD is capable of spreading to computers on the local network protected by weak passwords.
When first run, W32/Agobot-BD moves itself to the Windows system folder as Filename.exe and creates the following registry entries so that it is run automatically on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Win Init= <SYSTEM>\Filename.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Win Init= <SYSTEM>\Filename.exe
On NT based versions of Windows the worm creates a new service named "Win Init" with the startup property set to automatic, so that the service starts automatically each time Windows is started.
Each time W32/Agobot-BD is run it attempts to connect to a remote IRC server and join a specific channel.
W32/Agobot-BD then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
W32/Agobot-BD attempts to terminate and disable various security related programs and attempts to prevent its own process from being deleted.
again http://www.esecurityplanet.com/alerts/article.php/3286551
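The Sophos write-up above gives two concrete persistence indicators for this variant: a "Win Init" value under the HKLM Run and RunServices keys, and (on NT-based Windows) a service named "Win Init" set to start automatically. The following PowerShell script is an added example for checking a host for those indicators; it is not code from the thread or from Sophos. It assumes the indicator name is exactly "Win Init" as quoted, and treats "Filename.exe" as the placeholder it is in the write-up, so it matches on the value or service name and reports whatever image path is registered rather than a fixed filename.

```powershell
# Added example (not from the thread): look for the W32/Agobot-BD persistence
# indicators quoted from the Sophos write-up:
#   - a "Win Init" value under HKLM\...\Run and HKLM\...\RunServices
#   - a service named "Win Init" (NT-based Windows), normally StartMode=Auto
# "Filename.exe" is a placeholder in the write-up, so match on the name, not the path.

$indicatorName = 'Win Init'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

$findings = @()

# Registry autostart entries
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -ne $props -and ($props.PSObject.Properties.Name -contains $indicatorName)) {
        $findings += [pscustomobject]@{
            Type  = 'RegistryRun'
            Where = $key
            Value = [string]$props.$indicatorName
        }
    }
}

# Service persistence: Win32_Service exposes the image path and start mode
$services = Get-CimInstance -ClassName Win32_Service `
    -Filter "Name='$indicatorName' OR DisplayName='$indicatorName'" `
    -ErrorAction SilentlyContinue
foreach ($s in $services) {
    $findings += [pscustomobject]@{
        Type  = 'Service'
        Where = $s.Name
        Value = "$($s.PathName) (StartMode=$($s.StartMode), State=$($s.State))"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No '$indicatorName' persistence indicators found."
} else {
    $findings | Format-Table -AutoSize
    # For registry hits, confirm whether the referenced binary is actually on disk
    foreach ($f in ($findings | Where-Object { $_.Type -eq 'RegistryRun' })) {
        $exe = [Environment]::ExpandEnvironmentVariables(($f.Value -replace '"', '').Trim())
        Write-Output ("  image on disk: {0} -> {1}" -f $exe, (Test-Path -LiteralPath $exe))
    }
}
```

Because this variant terminates security tools and protects its own process, a clean result from a live, possibly infected session is weak evidence; run the check from a fresh boot (or mount the disk offline and inspect the SYSTEM and SOFTWARE hives) before trusting it, and treat any "Win Init" hit pointing into the system folder as something to pull for analysis rather than just delete.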
Originally posted by Ice Czar
way to go TheMasterRat
could have sworn the system was clean (with the fresh install and all)
Originally posted by TheMasterRat
Thanks. It's my job. Literally.
Trend Micro issued an alert for a similar malware, Worm_Agobot.BL, which it reports has both worm and backdoor capabilities.
It exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:
# Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
# IIS5/WEBDAV Buffer Overflow vulnerability
# RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
# Microsoft Security Bulletin MS03-026
# Microsoft Security Bulletin MS03-001
# Microsoft Security Bulletin MS03-007
It attempts to log into systems using a list of user names and passwords. This worm then drops a copy of itself in accessed machines.
It also terminates antivirus-related processes and files dropped by other malware. This worm steals CD keys of certain game applications, then sends the gathered data to a remote user via mIRC, a chat application. It also has backdoor capabilities and may execute remote commands on the host machine.
Originally posted by Ice Czar
as a sysadmin or a whitehat?
must have been getting reinfected after each install
Originally posted by Ice Czar
good learning experience
Originally posted by Ice Czar
well it won't be too long and Longhorn will be out
with a whole new can of worms
anything you might impart regarding Windows 64-bit extension?
Issues you've seen or heard about (I know it's not officially supported yet)
Originally posted by Ice Czar
errr...we have quite a few members from India
of course it's always open season on Microsoft
Originally posted by Ice Czar
Paranoidal fantasies of government conspiracies
Originally posted by Ice Czar
ahh but they are only paranoid delusions if they aren't real
Inside Echelon
The history, structure and function of the global surveillance system known as Echelon (as of 7-25-00)
by Duncan Campbell, author of the European Parliament's 1999 "Interception Capabilities 2000" report
and bear in mind that was before the NSA received a blank check to stop terrorism