Re: Possible new backdoor: mspx-smss.exe ?
From: Sven Pechler <helpdesk(at)tm.tue.nl>
Date: Wed Feb 26 2003 - 16:19:15 EST
In-Reply-To: <20030221115716.30417.qmail@www.securityfocus.com>

Hello,

In the previous thread about this subject, I posted a list of files that
were placed on a 'hacked' Windows 2000 computer in our network.
Among these files were a wingate engine (mspx-smss.exe), a watchdog
program to restart a service (mspx-sw.exe) and a very
sophisticated 'stealth' program (mspxss.exe) that can hide processes and
hide files in NTFS disks.

I got a lot of reactions about these files.

McAfee/Network Associates have named it: Backdoor-AQM and it will be included in their DAT-file: 4251.

Kaspersky Labs have sent me an analysis of the mspxss.exe file. They will also include it in their next update.

I would like to thank all who helped me to get this mystery solved.

For those who are also eager to analyse these files themselves, I've compiled some information and placed it on a web-page:

A quick report I wrote (not quite plain HTML, because I used MS-Word):
http://members.chello.nl/s.pechler/Backdoor_stealth_proxy_server.htm

The files can be found in the following ZIP-file (password=infected):
http://members.chello.nl/s.pechler/mspx-smss-trojan.zip

Regards,
Sven Pechler

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:59 EDT