[Snort-sigs] Possible trojan rule

Micheal Cottingham micheal.cottingham at ...2462...
Thu Jun 3 06:23:17 EDT 2004


The only other thing I can add is that it looks like it is creating 
.text and .rdata files as well.

_____________________________________
Micheal Cottingham, Comptia A+
micheal.cottingham at ...2462...
1-434-949-1078



Hugo van der Kooij wrote:

>On Wed, 2 Jun 2004, Matthew Jonkman wrote:
>
>  
>
>>We're finding a number of client machines infected with something. Not
>>sure what it is. The symptom is it downloads
>>
>>http://209.123.150.15/siae3123.exe
>>    
>>
>
>3 different virus scanners could not find any harm in them. Functions
>called inside:
>
>	ExitProcess
>	Sleep
>
>Filename referenced:
>
>	c:\Projects\Empty\Empty\Release\Empty.pdb
>
>Various internet pages seem to indicate this as spyware.
>
>Hugo.
>
>  
>




More information about the Snort-sigs mailing list