TROJAN UNDETECTED BY AD-AWARE

It doesn't matter what you do. AdAware and Spybot
know all about the droppers .. and they do nothing.
Don't believe me? Go get Bargain Buddy and see if
AdAware or Spybot can remove it ... same exact
thing. Those programs are only removing part of the
problem .. so your system will be constantly reinfected.

johns
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Wed, 18 Feb 2004 16:13:10 GMT, Laura Fredericks
<anonomiss.DeleteThis@CLOTHEShotmail.com> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 18 Feb 2004 12:55:37 +0000,
>"sam1967@hetnet.nl" <sam1967.DeleteThis@hetnet.nl> wrote in post:
>>i turned off AVG and ran this 7k trojan to see what
>>it would do.
>
>Idiot.
>
Thanks Laura. Keep your informed posts coming.
Ever considered that some people are not as afraid of virii/trojans as
others and have enough analaysis tools to handle them and run them if
they are curious enough.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

Colonel Flagg wrote:

> anyone that needs to ask "where to send it to" is by no means someone
> capable of doing proper analysis.

<G>, True, but people have to start somewhere to learn.

Although, in this case, lessons 1 - 10 should involve searching Google.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

This message is not archived
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Wed, 18 Feb 2004 18:29:37 -0500, Colonel Flagg
<colonel_flagg.TakeThisOut@NOSOUPFORJ00internetwarzone.org> wrote:

>In article <i1a730lfp66km39sl9ijii1ndpae1jp2vt.TakeThisOut@4ax.com>, sam1967
>@hetnet.nl says...
>> On Wed, 18 Feb 2004 16:13:10 GMT, Laura Fredericks
>> <anonomiss.TakeThisOut@CLOTHEShotmail.com> wrote:
>>
>> >-----BEGIN PGP SIGNED MESSAGE-----
>> >Hash: SHA1
>> >
>> >On Wed, 18 Feb 2004 12:55:37 +0000,
>> >"sam1967@hetnet.nl" <sam1967.TakeThisOut@hetnet.nl> wrote in post:
>> >>i turned off AVG and ran this 7k trojan to see what
>> >>it would do.
>> >
>> >Idiot.
>> >
>> Thanks Laura. Keep your informed posts coming.
>> Ever considered that some people are not as afraid of virii/trojans as
>> others and have enough analaysis tools to handle them and run them if
>> they are curious enough.
>>
>>
>>
>
>
>anyone that needs to ask "where to send it to" is by no means someone
>capable of doing proper analysis.

Oh thats BS. i can do the analysis (and frequently do as part of my
work) but i do not know right off the top of my head where to send it
though i can guess or "google" it.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Wed, 18 Feb 2004 14:51:03 GMT, null DeleteThis @zilch.com wrote:


>You receive worm attackments via email ...

'Attackments'! : I liked this word. Has it been used for long? Or is
it your own creation?

Thanks.
Geo
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

sam1967 RemoveThis @hetnet.nl wrote:

> i turned off AVG and ran this 7k trojan to see what it would do.

Well, I guess you found out, eh?


> it contacted a download site (casino stuff etc) and downloaded its big
> brother called rem2c4.exe which connected to the same web site.
> i didnt analayse the packets to see what it was sending.
> funny thing is it rem2c4.exe wont run now. maybe it only runs at
> certain times of the day.
> AVG, ad-aware, spybot and EZ-AV were unable to identify it as harmful.
> ill post it off as you recommend.
>
>
>
>
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Thu, 19 Feb 2004 00:37:35 GMT, null.TakeThisOut@zilch.com wrote:


>>>You receive worm attackments via email ...

>> 'Attackments'! : I liked this word. Has it been used for long? Or is
>>it your own creation?

>Credit goes to Chris Quirke who sometimes posts here.

Thank you.

Geo
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

> of course i dont use a real email address.
> this trojan was downloaded automatically from a web site (i use opera
> but opera is blameless).
> the web site i visited was a warez site and it first downloaded a 7k
> downloader trojan call small.download.h which AVG identified straight
> away.
> i turned off AVG and ran this 7k trojan to see what it would do.
> it contacted a download site (casino stuff etc) and downloaded its big
> brother called rem2c4.exe which connected to the same web site.
> i didnt analayse the packets to see what it was sending.
> funny thing is it rem2c4.exe wont run now. maybe it only runs at
> certain times of the day.
> AVG, ad-aware, spybot and EZ-AV were unable to identify it as harmful.
> ill post it off as you recommend.

You can "NEVER" trust a warez website nor any website or newsgroup which hackers list on Usenet
since most are owned by malicious hackers. The malicious hackers post in Security, Anti-Virus
and Hackers Newsgroups, Egroups and Message Boards along with Telnet IP listings; to name a
few. I exposed someone hackers website listing where the hacker wanted to learn from and the
files had four Backdoors. Beware all if you want to learn how to hack. No AVG, ad-aware or
spybot can protect you and PLEASE learn this.

Tracker
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Wed, 18 Feb 2004 18:29:37 -0500, Colonel Flagg
<colonel_flagg.DeleteThis@NOSOUPFORJ00internetwarzone.org> wrote:

>In article <i1a730lfp66km39sl9ijii1ndpae1jp2vt.DeleteThis@4ax.com>, sam1967
>@hetnet.nl says...
>> On Wed, 18 Feb 2004 16:13:10 GMT, Laura Fredericks
>> <anonomiss.DeleteThis@CLOTHEShotmail.com> wrote:
>>
>> >-----BEGIN PGP SIGNED MESSAGE-----
>> >Hash: SHA1
>> >
>> >On Wed, 18 Feb 2004 12:55:37 +0000,
>> >"sam1967@hetnet.nl" <sam1967.DeleteThis@hetnet.nl> wrote in post:
>> >>i turned off AVG and ran this 7k trojan to see what
>> >>it would do.
>> >
>> >Idiot.
>> >
>> Thanks Laura. Keep your informed posts coming.
>> Ever considered that some people are not as afraid of virii/trojans as
>> others and have enough analaysis tools to handle them and run them if
>> they are curious enough.
>>
>>
>>
>
>
>anyone that needs to ask "where to send it to" is by no means someone
>capable of doing proper analysis.

i never claimed to be a security expert ( far from it ).
security was never a part of my job ans always someone elses
responsibility - until now.
it is only since I started freelancing that i realise just what a
complete mess the security situation is in esp regarding M$.
i cannot believe the number of vulnerabilities being exposed in their
sw at the moment and have switched to opera as a first step.
as I posted earlier the best solution is probably to have some kind of
virtual machine running which you use for all your internet surfing .
this virtual nachine can then be destroyed once a day and recreated.
i am looking at various VM solutions anyone got any (cheap or free)
favorites ?
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Thu, 19 Feb 2004 00:58:31 -0500, Colonel Flagg
<colonel_flagg DeleteThis @NOSOUPFORJ00internetwarzone.org> wrote:

>In article <j18830hjli5l4h342utjpqilu5e1ptk5fh DeleteThis @4ax.com>,
>NoneOfBusiness@nob.net says...
>> On Wed, 18 Feb 2004 18:29:37 -0500, Colonel Flagg
>> <colonel_flagg DeleteThis @NOSOUPFORJ00internetwarzone.org> wrote:
>>
>> >In article <i1a730lfp66km39sl9ijii1ndpae1jp2vt DeleteThis @4ax.com>, sam1967
>> >@hetnet.nl says...
>
>> >
>> >
>> >anyone that needs to ask "where to send it to" is by no means someone
>> >capable of doing proper analysis.
>>
>> Oh thats BS. i can do the analysis (and frequently do as part of my
>> work) but i do not know right off the top of my head where to send it
>> though i can guess or "google" it.
>>
>
>
>and your point is? you're telling me you run "analysis" on a production
>box and then connect it to the Internet? this person seems like someone
>"getting their feet wet" without the forethought to research accepted
>practices and procedures, then goes to the professionals to help clean
>up his mess. typical.

there is no mess except the one in your head.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

On Wed, 18 Feb 2004 23:46:05 GMT, Laura Fredericks
<anonomiss.TakeThisOut@CLOTHEShotmail.com> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 18 Feb 2004 18:02:39 +0000,
>"sam1967@hetnet.nl" <sam1967.TakeThisOut@hetnet.nl> wrote in post:
>>Ever considered that some people are not as afraid of
>>virii/trojans as others and have enough analaysis
>>tools to handle them and run them if they are curious
>>enough.
>
<snip self-righteous, obnoxious, opinionated and downright false nazi
rant>

what a bitch.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE 

<sam1967.RemoveThis@hetnet.nl> wrote in message news:352930daj2glt616el80ohjtvpjepcm81k@4ax.com...

> i never claimed to be a security expert ( far from it ).
> security was never a part of my job ans always someone elses
> responsibility - until now.

Uh oh.

> it is only since I started freelancing that i realise just what a
> complete mess the security situation is in esp regarding M$.

M$ is not responsible for your running a downloader trojan
just to see what it does.

> i cannot believe the number of vulnerabilities being exposed in their
> sw at the moment and have switched to opera as a first step.

Yes, their security record is abysmal, but you need to brush
up on safe computing practices if you think that software is
the weakest link in the security chain.

Safer software, safer practices, and isolationism (isolated test
machine or network) is probably better than VM, emulation
or sandbox approaches. Running a trojan downloader could
download *and* execute a foreign program on your internet
connected machine ~ which could be bad for all of us.
 >> Stay informed about: TROJAN UNDETECTED BY AD-AWARE