Sample needed - of Spybot.ZIF, which scans for vulnerable Cisco Routers
According to Symantec, W32.Spybot.ZIF "allows a remote attacker" to, among other things, "Scan a specified network range for Cisco routers that may have vulnerable Telnet or HTTP servers running and report results back to IRC."
If anyone catches a sample of this one please upload it through our contact page. Thanks!
Thanks to Jakob S for sending us the sample.
It's MD5 sum is:
2ec1fa5fca52b9c36bddea3511178882 svcdata.exe
so if you have a different sample let us know.
For what it's worth, Symantec detects this as W32.Spybot.ZIF while Kaspersky detects it as Backdoor.Win32.Rbot.adf.
If anyone catches a sample of this one please upload it through our contact page. Thanks!
Thanks to Jakob S for sending us the sample.
It's MD5 sum is:
2ec1fa5fca52b9c36bddea3511178882 svcdata.exe
so if you have a different sample let us know.
For what it's worth, Symantec detects this as W32.Spybot.ZIF while Kaspersky detects it as Backdoor.Win32.Rbot.adf.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments