Interesting MedVed Quote Tracker Trojan?
Rob Allen Returns
Guest





Posted: Sun Nov 13, 2005 5:00 pm    Post subject: Interesting MedVed Quote Tracker Trojan?

There was a discussion on this newsgroup a while back about a possible
backdoor into MedVed QuoteTracker.

Just found this on a scan with the newest trojan database file.


Found with Trojan Hunter 4.2


Found possible trojan file: Program Files\QuoteTracker\stk361a.exe
(Possible Latinus trojan)

Found possible trojan file: Program Files\QuoteTracker\stk363.exe (Possible
Latinus trojan)

--

When a true genius appears in the world, you may know him by this sign,
that all the dunces are in confederacy against him.
Jonathan Swift

Rob Allen Returns
Guest





Posted: Sun Nov 13, 2005 5:00 pm    Post subject: Re: Interesting MedVed Quote Tracker Trojan?

Overview

Summary
Derived from Latinus 1.5. Has similarities to DarkFace 2.0.
Vendor Description
From the doc: '- New design with menu buttons. - View and kill
tasks (processes). - View and modify the registry (string values).
- CGI notification. - Send e-mail from the victim. - Keeps the
parameters of the last connection when you reopen the client. - Server
not detected by AVs as of 11/07/02 (and for a long time, I hope!).'
Alias
Backdoor.Katux.201, Backdoor.Latinus.102, Backdoor.Latinus.11.a,
Backdoor.Latinus.15.b, Backdoor.Latinus.f, Backdoor.Latinus.j,
See Also
DarkFace 2.0 · Latinus ·
Category
RAT: A Remote Administration Tool, or RAT, is a Trojan that when
run, provides an attacker with the capability of remotely controlling a
machine via a "client" in the attacker's machine, and a "server" in
the victim's machine. Examples include Back Orifice, NetBus, SubSeven,
and Hack'a'tack. What happens when a server is installed in a victim's
machine depends on the capabilities of the trojan, the interests of the
attacker, and whether or not control of the server is ever gained by
another attacker -- who might have entirely different interests.
Infections by remote administration Trojans on Windows machines are
becoming as frequent as viruses. One common vector is through File and
Print Sharing, when home users inadvertently open up their system to the
rest of the world. If an attacker has access to the hard-drive, he/she
can place the trojan in the startup folder. This will run the trojan the
next time the user logs in. Another common vector is when the attacker
simply e-mails the trojan to the user along with a social engineering
hack that convinces the user to run it against their better judgment.

Variants
Katux Latinus 1.02 · Katux Latinus 1.1 · Katux Latinus 1.1a ·
Katux Latinus 2.0 ·

--

When a true genius appears in the world, you may know him by this sign,
that all the dunces are in confederacy against him.
Jonathan Swift
maxfoo
Guest





Posted: Mon Nov 14, 2005 5:01 pm    Post subject: Re: Interesting MedVed Quote Tracker Trojan?

Just downloaded the latest from the web site; seems clean to me... anyone find a
problem with the new one on their site?
http://66.165.97.159/qtdb/getema.asp

TIA

All times are GMT