Hosting Provided By

"webmoney" trojan and COM interface analysis

From: Pierre Vandevenne <pierre(at)datarescue.com>
Date: Thu Mar 20 2003 - 18:56:03 EST

Hello incidents,

We have analyzed a trojan that was spammed on us early this week. Not really a big news in itself as similar beasts are seen on a regular basis but since COM based hostile code is notoriously hard to analyze statically, we have published some details that could help other analysts facing similar trojans

www.datarescue.com/idabase/greetings is the place. We have put a basic text description of the trojan and documented our in-depth analysis with a couple of IDA databases and their equivalent listings in pure text mode.

-- 
Best regards,
Pierre                          mailto:pierre@datarescue.com
www.datarescue.com/idabase - home of the IDA Pro Disassembler
IDA Pro: the undisputed leader in hostile code analysis


----------------------------------------------------------------------------

Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure"> 
http://www.securityfocus.com/stillsecure

Received on Fri Mar 21 11:58:07 2003

This message: [ Message body ]
Next message: Charles Polisher: "Trojan attacking our switches"
Previous message: Johannes Ullrich: "Re: Nimda.E/unknown memory resident, internet-aware processes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT