New Virus Behavior / GDIScan Questions

Published: 2004-09-29
Last Updated: 2004-09-29 23:58:34 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
New virus behavior

Our fellow handler Patrick Nolan sent this news about the Surila.k virus. According to the VirusList.com website "In order to gain full access to the Internet, Surila registers itself in the Windows FirewallPolicy, thereby becoming a legal program with full Internet rights."

This will bypass any firewall settings that might otherwise block the virus from contacting the IRC server it connects to for remote control. The virus also installs an HTTP and an SMTP proxy server; traffic to these proxies will be permitted by the modified firewall rules.

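As an added example (not from the diary or from VirusList), the following Python audits an exported copy of the Windows XP SP2 firewall application exception list and flags enabled entries that are not on a known-good baseline. The registry path, the value format and the sample entries are assumptions made for this example.

```python
import re
from typing import Iterable, List, NamedTuple

# Registry location of the XP SP2 firewall application exception list; taken
# from my knowledge of Windows XP SP2, not from the diary (assumption).
LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

class FwException(NamedTuple):
    path: str   # executable granted network access
    scope: str  # "*" = any remote address
    state: str  # "Enabled" or "Disabled"
    name: str   # display name shown in the firewall UI

def parse_reg_export(reg_text: str) -> List[FwException]:
    """Parse the values of an exported .reg dump of LIST_KEY. Each value is
    named by the executable path and holds
    "<path>:<scope>:<Enabled|Disabled>:<display name>" (assumed format)."""
    entries = []
    for line in reg_text.splitlines():
        m = re.match(r'^"([^"]+)"="(.*)"$', line.strip())
        if not m:
            continue  # header, key line or blank
        # .reg files double every backslash; undo that
        name, data = (s.replace("\\\\", "\\") for s in m.groups())
        # The path itself contains "C:", so strip the known prefix instead of
        # splitting on the first colon.
        if not data.startswith(name + ":"):
            continue  # malformed entry; worth reporting separately in practice
        scope, state, display = data[len(name) + 1:].split(":", 2)
        entries.append(FwException(name, scope, state, display))
    return entries

def audit_exceptions(entries: Iterable[FwException], baseline: Iterable[str]) -> List[FwException]:
    """Return enabled exceptions whose executable is not on the known-good baseline."""
    known = {p.lower() for p in baseline}
    return [e for e in entries if e.state.lower() == "enabled" and e.path.lower() not in known]

# Constructed sample export: one legitimate entry and one unknown executable
# with a benign-looking display name (placeholder, not a real Surila artefact).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\example-unknown.exe"="C:\\WINDOWS\\system32\\example-unknown.exe:*:Enabled:Windows Update"
'''
BASELINE = [r"C:\Program Files\Messenger\msmsgs.exe"]

if __name__ == "__main__":
    for hit in audit_exceptions(parse_reg_export(SAMPLE_REG), BASELINE):
        print(f"unexpected firewall exception: {hit.path!r} shown as {hit.name!r}")
```

Any hit is a starting point for a file-level look (hash, signer, creation time), since a display name is freely chosen by whoever wrote the entry.
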
GDIScan questions

We are still receiving some questions about Tom Liston's tool GDIScan.
In yesterday's diary, Donald Smith included a good link to a FAQ for the tool ( http://www.bleepingcomputer.com/forums/topict3077.html ). One interesting question is about running the tool on Windows 98.

Donald Smith's answer explains it well:

"...it means the application was designed to run on Win2k and higher. I have successfully run it on an old 98 machine. The reporting was a little messed up because my 98 system didn't render the ANSI sequences correctly BUT it did find vulnerable DLLs. The report just wasn't in red/black and had ANSI sequences in the text."

-------------------------------------------------------------------

Handler on Duty: Pedro Bueno ( pbueno /AT/ isc.sans.org)

If you are at SANS Network Security 2004 in Las Vegas, send a hello to our lucky Handlers there! (P.S. ask them to send some postcards to the handlers over here... (like a Brazilian one...))
