Re: [Full-Disclosure] win2kup2date.exe ?

I believe someone else mentioned this site on this list (not sure),
but have you tried running it through www.VirusTotal.com? A nice place
for a quick 2nd opinion. If you want to email me a copy of it, I'll
rip it apart and see what can be seen.

P.S. Send it to guidoz@guidoz.com - it's my "catch all" for
virus/unknown files. Just be sure to ZIP it up or else the web host
won't let it through. Otherwise I have disabled all checks/scan.
Downloads directly to a secured Linux box.

-- 
Peace. ~G
On Thu, 2 Sep 2004 15:33:17 +0200 (CEST), bashis <mcw@wcd.se> wrote:
> Hi
> 
> Anyone heard about a file called "win2kup2date.exe" ?
> (Google says nothing found..;)
> 
> I did a controlled test with a XP Pro box w/o patches on Inet
> and this little thingy came on my testbox thrue some sort of RPC exploit,
> tftp'ed down this file from connecting machine, started with SYSTEM,
> and tries to connect up to IRC.
> 
> McAfee Virusscan Enterprise v8.0i with latest DAT's didn't find
> any strange with this file..
> 
> That was actually my test, v8.0 of McAfee virusscan have a future of
> "buffer overflow protection", it stopped the wellknown public RPC/DCOM
> exploit, but not the exploit that putted "win2kup2date.exe" on my testbox.
> 
> Well, so mutch for the new "buffer overflow protection" future.. crap.. ;)
> 
> Have a nice day
> /bashis
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html