gamer lobby trojan hard to catch - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.0

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Oct 13^th, 2008, 11:50am

   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   gamer lobby trojan hard to catch

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: gamer lobby trojan hard to catch (Read 829 times)

flightsimHQ
Guest

gamer lobby trojan hard to catch
« on: Feb 12^th, 2002, 5:58pm »

Quote

Modify

Remove

Here's a challenge for you hunters.
A gamers lobby called HyperLOBBY utilizes remote access to user's machine via
Mswinsck.ocx
(secret install of course)

http://hyperfighter.jinak.cz/download.php?file=hlpro26133

Previous versions have altered other system32 dLLs.
Once the HL client is ok'd by the user's firewall....
powerful remote access to the victim is gained through a server that tunnels through a server on port 1698 RSVP-ENCAPSULATION-1
to unknown locations.

There was a mention that older versions may contain
w95.hybris.worm
but I find that doubtful

IP Logged

Magnus
Administrator

Ad astra per aspera.

Posts: 4107

Re: gamer lobby trojan hard to catch
« Reply #1 on: Feb 13^th, 2002, 5:05pm »

Quote

Modify

Analysis of this application does not reveal any installed trojans. No ports of any kind are opened, no autostart entries added, no stealth processes launched.

The setup program does replace mswinsck.ocx, but lots of Visual Basic program installers do that. Do you have any more concrete evidence of this being a trojan? I'm not quite sure what you mean by "remote access to the victim is gained through a server that tunnels through a server on port 1698"?

IP Logged

Pages: 1

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register