Lucene search
K

ie0199.exe-trojan.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 45 Views

Trojan horse spread via email, posing as Internet Explorer HOTFIX causing system damage.

Code
`Date: Thu, 28 Jan 1999 20:12:39 -0500  
From: Mark E. Duck <[email protected]>  
To: [email protected]  
Subject: E-mailed Trojan  
  
  
There is a trojan horse circulating the Internet as an attachment in email  
with a spoofed email address of Microsoft Corporation. It contains an  
announcement and an attachment that is supposedly targeted at registered  
users of MS Internet Explorer. A copy of the email was not available for  
examination, but the attachment was. The attachment is called ie0199.exe and  
is represented as a HOTFIX for IE.  
  
When executed it deletes sndvol32.exe from the %SystemRoot%\System32  
directory, installs %SystemRoot%\System\sndvol.exe, creates a registry key  
value HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Default with a  
value of %SystemRoot%\System\sndvol.exe. This key causes execution of  
sndvol.exe after logging into the system. This is malicious code that  
continually half opens TCP connections on various ports to www1.infotel.bg.  
  
You must delete %SystemRoot%\System\sndvol.exe, terminate the running  
sndvol.exe process, remove the key (see above), and restore  
%SYSTEMROOT%\System32\sndvol32.exe with a known good copy (if required) to  
remove the trojan.  
  
Thanks go out to ET, Ranger Rick, Homer, and Raz for their assistance on  
tracking this down and helping me kill it. Public attribution of the authors  
of this report is acceptable and expected.  
  
Mark E. Duck, Owner  
AquaScape, Internet Services http://www.aquascape.com  
"Those who desire to give up Freedom, to gain Security, will not, and do not  
deserve, either." -- Thomas Jefferson  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation