Full Version: Nuclear Rat
chris105
Found a good new RAT: http://www.nuclearwinter.mirrorz.com/

Tested with direct connect on my test box but haven't tested remote or reverse connect.

QUOTE
Antivirus    Version         Update      Result
AntiVir      6.30.0.7        04.09.2005  no virus found
AVG          718             04.07.2005  no virus found
BitDefender  7.0             04.09.2005  no virus found
ClamAV       devel-20050307  04.09.2005  no virus found
DrWeb        4.32b           04.09.2005  no virus found
eTrust-Iris  7.1.194.0       04.09.2005  no virus found
eTrust-Vet   11.7.0.0        04.08.2005  no virus found
Fortinet     2.51            04.09.2005  no virus found
F-Prot       3.16a           04.09.2005  no virus found
Ikarus       2.32            04.08.2005  Backdoor.Win32.Delf.KS.
Kaspersky    4.0.2.24        04.09.2005  no virus found
McAfee       4465            04.08.2005  no virus found
NOD32v2      1.1051          04.09.2005  probably unknown NewHeur_PE virus
Norman       5.70.10         04.08.2005  no virus found
Panda        8.02.00         04.09.2005  no virus found
Sybari       7.5.1314        04.09.2005  no virus found
Symantec     8.0             04.09.2005  no virus found


Those are the results from VirusTotal.
tibbar
Check it again in 7 days, and you will find a good few detect it...
chris105
I know, that's what I wanted to see lol.

I talk from personal experience when I say this is a bitch to remove!

Edit: Removed what I found, but it could still be injected in iexplore; by the time I reboot it should be fine. Can anyone tell me what the memory usage for iexplore on www.google.com on an English SP1 XP should be?

Hang on a minute, that was too easy ... surely deleting those files wasn't it! Not such a bitch to remove after all :S
chris105
ROFLMAO:

Less than 20 hours after my post:

QUOTE
Antivirus    Version         Update      Result
AntiVir      6.30.0.7        04.10.2005  no virus found
AVG          718             04.07.2005  no virus found
BitDefender  7.0             04.10.2005  no virus found
ClamAV       devel-20050307  04.09.2005  no virus found
DrWeb        4.32b           04.10.2005  no virus found
eTrust-Iris  7.1.194.0       04.09.2005  no virus found
eTrust-Vet   11.7.0.0        04.08.2005  no virus found
Fortinet     2.51            04.09.2005  no virus found
F-Prot       3.16a           04.09.2005  no virus found
Ikarus       2.32            04.08.2005  Backdoor.Win32.Delf.KS.
Kaspersky    4.0.2.24        04.10.2005  Backdoor.Win32.Nuclear.d
McAfee       4465            04.08.2005  no virus found
NOD32v2      1.1053          04.10.2005  probably unknown NewHeur_PE virus
Norman       5.70.10         04.08.2005  no virus found
Panda        8.02.00         04.10.2005  no virus found
Sybari       7.5.1314        04.10.2005  Backdoor.Win32.Nuclear.d
Symantec     8.0             04.09.2005  no virus found


2 new detections, I will keep you updated ...

Welcome to the board Kaspersky (we knew you were here anyway) and Sybari (never heard of you guys, fancy posting some info about yourselves? lol)
manu
Guys,

As you know, Microsoft is gonna buy SYBARI (I think they already bought it), that will be included in their next version of OS.

For guys who don't know about it, here's the news from a site

QUOTE
"Microsoft signed a definitive agreement to buy anti-virus and anti-spam vendor Sybari Software for an undisclosed sum, the companies said on Tuesday.

Should the deal pass regulatory hurdles, it will be Microsoft's second purchase of a company in the anti-virus security market in two years. But unlike GeCAD Software, which Microsoft bought in June 2003, Sybari is less of a direct competitor to other anti-virus companies.

With Sybari, Microsoft gets a vendor that takes an infrastructural approach to software and relies heavily on anti-virus partners. Sybari does not maintain its own anti-virus engine. Instead, its enterprise-focused anti-virus products license and run multiple scanning engines from anti-virus partners against e-mail messages at the gateway or in the mail server. With the current product, Antigen 8.0, customers have the choice of running from one to four anti-virus engines. Two of the engines are from Computer Associates and one each come from Sophos and Norman."



Source

http://channels.lockergnome.com/news/archi...uy_sybari.phtml


Manu
FLX
Talking about big brother
AdmiralB
lol every company is boosting antivirus efforts
increasingly hard to have new viruses
B3T4
Looks like a logical choice to use Sybari since it uses the power of other AV mechanisms. Microsoft can never compete with the current market leaders (which hopefully don't wanna be sold) and they want to cover the AV corner, as we can see in SP2. Sybari may not have a name yet, but if it's being incorporated inside Windows, we never need to know its name.
Sr_Sombrero
Better don't send trojans to online scanners because they keep a sample and then they send it to the AV companies.
aelphaeis_mangarae
QUOTE
Better don't send trojans to online scanners because they keep a sample and then they send it to the AV companies.

Yeah, I once used an online scanner for someone I coded, they said they wouldn't send away my file unless I wanted them to, but like the next day KAV detected it.
netxman
Why does it not have a webcam recorder?

I think it's a good feature.
tibbar
QUOTE(netxman @ May 19 2005, 10:20 PM)
Why does it not have a webcam recorder?

I think it's a good feature.

I'm sure you enjoy perving away at your 'vics'. Why did you bother posting this, when the author is not in this thread or even at GSO?
illwill
Dummy, because that online site you uploaded it to to scan it also sends the unknown exes in to antivirus companies for further investigation... so basically you're the one helping it get detected