-------------------------------------------
From: Paul Ferguson (RD-US)
Sent: Wednesday, March 31, 2010 2:19:17 PM
To: Juan Castro (SAL-LA)
Cc: Newsbank
Subject: RE: NEWSBANK :: Visa Data Security Alert - Key Logger: Key Stroke and Screen Capture
Unfortunately, this is very bad – detect nothing, even though some have been out there for over a year.
35f5478e190cc6614a6a5d4f1f380855 Undetected
663267d3ed4af3582ea57ba03fb0da92 Undetected
18bc32bb8a8d5a85cdafad5a4ecc4c73 Undetected
7231b6c5ca6addd905db7677200833e2 Undetected
80ee23ede41504b1a83654334148306f Cannot Obtain Sample
994ffae187f4e567c6efee378af66ad0 Undetected
5e289e10a2f3fe6b3080825f5dbf588f Undetected
bae0fb25bcf05a5da7fde8dce759ee0d Undetected
4cf8307cac714fe4f2cbc5d46f5cf243 Undetected
3f4ad41f10ec18a7f27f2339ee500dda Cannot Obtain Sample
I am forwarding all obtained samples to AV_Query for processing now, and also trying to obtain the missing samples.
-ferg
From: Paul Ferguson (RD-US)
Sent: Tuesday, March 30, 2010 10:51 PM
To: Juan Castro (SAL-LA)
Cc: Newsbank
Subject: RE: NEWSBANK :: Visa Data Security Alert - Key Logger: Key Stroke and Screen Capture
Checking…
-ferg
--
"Fergie", a.k.a. Paul Ferguson
Threat Research,
CoreTech Engineering
Trend Micro, Inc., Cupertino, California USA
From: Juan Castro (SAL-LA)
Sent: Tuesday, March 30, 2010 10:48 PM
To: Newsbank
Subject: NEWSBANK :: Visa Data Security Alert - Key Logger: Key Stroke and Screen Capture
Hi All,
Do we have detections for the binaries mentioned in the Visa security alert?
http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf?Mar292010
Filename | Size | MD5 |
bpkhk.dll | 489,984 | 35f5478e190cc6614a6a5d4f1f380855 |
bpk.exe | 1,090,560 | 663267d3ed4af3582ea57ba03fb0da92 |
bpk.exe | 401,408 | 18bc32bb8a8d5a85cdafad5a4ecc4c73 |
bpkr.exe | 747,520 | 7231b6c5ca6addd905db7677200833e2 |
fstsmtp.exe | 1,560,661 | 80ee23ede41504b1a83654334148306f |
xxx.exe | Unknown | 994ffae187f4e567c6efee378af66ad0 |
SMTPListener | Unknown | 5e289e10a2f3fe6b3080825f5dbf588f |
dll32.exe | 438,272 | bae0fb25bcf05a5da7fde8dce759ee0d |
ToolKeylogger | 2,007,040 | 4cf8307cac714fe4f2cbc5d46f5cf243 |
ToolKeylogger | 6,432 | 3f4ad41f10ec18a7f27f2339ee500dda |
Regards
Juan