Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Haxdoor.KI Deja Vu SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Haxdoor.KI Deja Vu
F-Secure has updated their description of Haxdoor.KI to note "The skyinet.info website (located in Russia) that the backdoor connects to, is now offering a URL that points to a file named samki.exe. This file contains a nasty payload that damages Windows beyond repair. This file can be downloaded and launched by a hacker to destroy all infected computers when time comes." . Their original blog alert info is here.
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!