Network Security: Detailed info on Re: wintbp.exe

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Virus

[Top] [All Lists]

Re: wintbp.exe

from [Nick FitzGerald] Network Security

[Permanent Link]

Subject:	Re: wintbp.exe
Date:	Wed, 17 Aug 2005 15:49:51 +1200

womalley@cmu.edu wrote:

Don't know if anyone responded yet, but this looks like zotob.e (MS05-039
Plug and Play vulnerability).
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.e.html

From the incredible paucity of data posted, it certainly sounds as if

it might be that...

BUT, the data posted does not rule out that it is, in fact, the next 
variant of that worm which may, for example, spawn a separate instance 
from a different, temporarily created copy of the main .EXE and might, 
for instance, trash the host's hard drive if it sees the main .EXE 
deleted.

All that could easily be done and not detected by your typical, and 
even quite advanced admin.  It would surely be missed by someone naïve 
enough to think that a filename alone is sufficient grounds for making 
a malware diagnosis...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
wintbp.exe, Schlegel, Justin Re: wintbp.exe, William O'Malley Re: wintbp.exe, Nick FitzGerald <= Re: wintbp.exe, Jacob Bresciani Re: wintbp.exe, jayjwa Re: wintbp.exe, Jeff Pricher Re: wintbp.exe, Nick FitzGerald Re: wintbp.exe, Ero Carrera Re: wintbp.exe, Anish Shaikh RE: wintbp.exe, Christian Kernodle RE: wintbp.exe, sk3tch RE: wintbp.exe, Joswiak, Johnny G. RE: wintbp.exe, Ellis, Steven

Previous by Date:	RE: wintbp.exe, Joswiak, Johnny G.
Next by Date:	Re: wintbp.exe, William O'Malley
Previous by Thread:	Re: wintbp.exe, William O'Malley
Next by Thread:	Re: wintbp.exe, Jacob Bresciani
Indexes:	[Date] [Thread] [Top] [All Lists]