[Full-Disclosure] Heads up: Possible lsass worm in the wild

Feher Tamas etomcat at freemail.hu
Fri Apr 30 10:25:09 BST 2004


Hello,

> for those interested in a sample, it may be obtained at
> http://exploit.nothackers.org/msiwin84-lsass.zip

Kaspersky AV says: Agobot.GEN (heuristic match)
Trend Micro AV says: WORM_AGOBOT.JF (exact match)

Detailed description for this variant:
"http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=58902&VName=WORM_AGOBOT.JF"

BTW, Trend Micro says the Agobot (alias Gaobot/Phatbot) malware 
family has over 900 variants. F-Secure says there are 450 members. 
Anyhow, there are many subtle variants and Agobot is the most 
populous family ever. VXers willing, it may even reach Agobot.JFK some 
time...

Sincerely: Tamas Feher.




Full-Disclosure is hosted and sponsored by Secunia.