Just my little part in the fight!

Discussion in 'malware problems & news' started by WhiteMateria, Apr 20, 2003.

Thread Status:
Not open for further replies.
  1. WhiteMateria

    WhiteMateria Registered Member

    Joined:
    Apr 27, 2002
    Posts:
    24
    Location:
    Moonlit dreams in the desert oasis
    Our Solution!
    --------------------------------------------------------------------------------

    Greetings!

    Thank you for contacting TrendLabs HQ.

    We have analyzed the file you submitted

    NETCONFIG{5}.XTR 821,233 BYTES

    and it has been found to be malicious. We have created a scan pattern to detect the said file and it will be included in the next Controlled Pattern Release. The Controlled Pattern Release is being updated daily and you can download the said pattern at:
    http://www.trendmicro.com/download/pattern-cpr-disclaimer.asp

    The scan pattern that can detect this malware is currently under QA testing and it will be posted at the above link once the testing is finished.

    This file is a new sample of BKDR_MOSUCK.A.

    This malware is a backdoor that gives remote access to a compromised system. This malware allows multiple clients to connect to the system. It is capable of handling and synchronizing requests between the hacker clients.

    This malware can do the following activities:
    1. Access and control the remote computer. It can restart and terminate active processes in the infected system.
    2. Play with the CD-ROM tray by opening and closing.
    3. Log system activities and keystrokes. It also logs the activity of the mouse cursor. It also creates a log file of backdoor activities of the connecting hackers/clients.
    4. Ability to make the server an FTP server, being able to upload and download files. It can also list, create and delete directories.
    5. Open and close a chat session usually in ICQ.
    6. Play sound files
    7. Get OS system type and version
    8. Able to modify Windows Registry. Usually autostart system registry entries.
    9. Launch application files and executables

    Should you have any other inquiries, do not hesitate to email us back.

    For virus related inquiries, please send an email to: virus_doctor@support.trendmicro.com
    For product related inquiries, please send an email to: support@support.trendmicro.com

    With best regards,

    Zarestel Ferrer
    AntiVirus Group
    TrendLabs HQ, Trend Micro, Inc.
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi WhiteMateria!

    Sounds good! Here's a little advice from my side. Send this file with your original message to several AV companies (like Norton, F-Secure, ...) and AT companies (TDS-3, ...). There are other people using this software. They would be pleased if they are safe against this trojan as well!

    Like that you help make the internet world more safe! :cool:

    Best regards!

    Patrice
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Patrice,

    That's sound advice.

    At first glance, it looks like a variant of Krusty's well-known Mosucker backdoor v3.0, server manipulated by the one playing with it.

    regards.

    paul
     
  4. WhiteMateria

    WhiteMateria Registered Member

    Joined:
    Apr 27, 2002
    Posts:
    24
    Location:
    Moonlit dreams in the desert oasis
    Sigh, I wish I had the file still, but I had reformatted my computer after I sent off the file and then lost it... Next time I will do that, but I am kinda hoping I come across the file again by finding the site I got it from.
     
  5. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Don't worry WhiteMateria!

    I wouldn't take the risk of being infected again! If you really care you can still contact the support again. Perhaps they are helpful - who knows. Otherwise let it be!

    Regards!

    Patrice
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Never mind - we know it's out there, and grab a copy ;).

    regards.

    paul
     