[RC5] Trendmicro and dnetc

Scott Dodson sdodson at sdodson.com
Fri Mar 5 20:45:28 EST 2004


On Wed, 2004-03-03 at 23:46 -0500, Scott Dodson wrote:

> > "This Trojan program has a payload of crashing the system, by using 100% of the
> > system's CPU utilization. In order for this malware to perform its payload,
> > there must be two copies of itself in the same directory. They both must have
> > the same file names, with .COM as the extension of one copy, and .EXE for the
> > other copy."
> > 
> > "Damage Potential: High"
> > 
> > Those guys on TrendMicro certainly don't know dnet. It would be good to warn
> > them, or their software will keep on cleaning the client from many systems.
> 
> I've contacted them with no response as of yet.  I'll try again tonight.
> Customers of theirs may have more pull than a non customer however.  To
> me this is a sign of poor quality product, please complain to them.
> 
> Keep an eye on the following bug, modify it if you're able to get
> anywhere with them, or just e-mail me to let me know and I'll update the
> bug.
> 
> http://n0cgi.distributed.net/bugs/show_bug.cgi?id=3597

For what it's worth I've closed out the bug because the latest
signitures seem to not detect our client.  If anyone finds this not to
be the case please let me know.

--
Scott
sdodson at sdodson.com
sdodson at distributed.net




More information about the rc5 mailing list