-
Pangolin. Backdoor?
Has anybody else come across this SQL injector, written by Zwell? The general consensus is that although it works, there is a backdoor in the program, and when you scan it, it detects an IRC bot. Although according to a mailing list (can't remember which one) some posters said they checked everything out and it didn't modify their computer or communicate with an outside server (although it could just be the author saying this...). Anyway, here's the link if you want to check it out, and for anyone else that has heard of it before, do you know where to get the source code?
The original link doesn't seem to be working, so here it is uploaded here:
http://www.megaupload.com/?d=0UNAK1K4
WARNING MAY (OR MAY NOT?) CONTAIN A BACKDOOR
-
WARNING... that upload site pops a dating service advert... you may not want that to happen depending on where you are? :)
This might help:
http://www.virustotal.com/analisis/0...c57a8ab00e145c
http://www.virustotal.com/analisis/b...cda3fe708b1bd7
But AV utilities tend to do that with several security analysis tools, and some even complain if they find UPX :D
The author won't release the source so it boils down to whether or not you trust compiled binaries from him.
-
Yeah, I also heard from someone that if you unpack with UPX and scan again, it's clean, but I haven't tried this yet. I might do this now.
Oh right, I've just realised that's what you've done above. But what significance does this have? Does it prove it isn't a virus? Also, what could I do to monitor the program and make sure it isn't writing to the registry or communicating with an outside server? Is there software useful for this?
-
Sorry for the delay, I have been entertaining relatives.
This site has some stuff I have used for years:
http://www.diamondcs.com.au/
RegistryProt and Process Guard for starters :)
I also use SpyBot S&D with "teatimer" and immunisation. Get SpywareBlaster as well, they work together ;)
WinPatrol from BillP Studios is another one that I use.
http://www.winpatrol.com/
You might also look at virtual machine environments and sandboxes?
Personally, I have a few old boxes that I run as stand-alones to test stuff with. You can get Durons, Athlons, PIIs and PIIIs for next to nothing these days.
Yes, I am a cheap bastard which is why I recommend free stuff :D
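The baseline-and-diff check behind the question above (did the tool add an autorun registry value, did it connect to an outside server), as an added Python example that is not from this thread. Tools like RegistryProt or Process Guard watch this live; the snippet just shows the comparison on two constructed snapshots of a test box. The Run key path is the standard one; the file paths, addresses and port are constructed sample values.

```python
"""Compare a before/after snapshot of Run-key values and remote peers taken
around a test run of an untrusted binary. Snapshots are constructed sample
data; on a real test box you would fill the same dicts from an export of the
Run keys and `netstat -ano` output captured before and after the run."""
import ipaddress

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed "before" snapshot of a clean test box.
BEFORE = {
    "run": {RUN + r"\OneDrive": r"C:\Users\test\OneDrive.exe /background"},
    "peers": ["192.168.1.1:53", "127.0.0.1:445"],
}

# Constructed "after" snapshot: one new Run value and one new remote peer
# on 6667 (the usual IRC port, which is what the AV hit above hints at).
AFTER = {
    "run": {
        RUN + r"\OneDrive": r"C:\Users\test\OneDrive.exe /background",
        RUN + r"\svchost": r"C:\Users\test\AppData\svchost.exe",
    },
    "peers": ["192.168.1.1:53", "127.0.0.1:445", "203.0.113.7:6667"],
}

# Loopback, RFC 1918 and link-local ranges: peers here are not "outside".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]


def is_external(peer):
    """True if an 'ip:port' peer lies outside the local ranges above."""
    host = peer.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname rather than an address: treat as external
    return not any(ip in net for net in LOCAL_NETS)


def diff_snapshots(before, after):
    """Autorun values and external peers present after the run but not before."""
    new_autorun = {k: v for k, v in after["run"].items()
                   if before["run"].get(k) != v}
    new_peers = sorted(p for p in set(after["peers"]) - set(before["peers"])
                       if is_external(p))
    return {"new_autorun": new_autorun, "new_external_peers": new_peers}
```

An empty result on a box that was clean before the run is the "it didn't modify my machine" claim made checkable; a new Run value or a new external peer is the thing to investigate.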