Trojan.Seoul
Results 1 to 6 of 6

Thread: Trojan.Seoul

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    386

    Trojan.Seoul

    November 21 late in the evening DialogueScience, Inc. virus alert service registered the appearance of a dangerous Trojan detected by Dr.WebŪ anti-virus program as Trojan.Seoul. The virus source is likely to be in the Republic of Korea. It might be "dedicated" to the AVAR (Association of anti Virus Asia Researchers) forum that is taking place in Seoul these days.
    A relevant hot add-on to Dr.WebŪ anti-virus program version 4.29, detecting Trojan.Seoul was issued at 21:04, November 21. As the virus code is highly complicated, the specialists of Anti-virus Laboratory of Igor Daniloff and of DialogueScience, Inc. keep analysing the code and the destructive features of the Trojan.

    At present it is clear that the virus is a multi-component program, with some components being encrypted. When activated the virus searches for special system activity monitoring tools and debuggers. If found the virus kills them in memory and deletes all the files on the hard drive of the computer. If such processes are not found it creates the correspondent entry in the Windows system registry securing its automatic launching after the system restart. When run after the next reboot the virus displays a message box on the screen with the inscription "What foolish thing you've done" and after that starts deleting all the files on the hard drive.

    The virus is also capable of mass-mailing its copies, this feature is being tested now.

  2. #2
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    hmph. I checked NAV's virus list and no Trojan.Seoul. I just updated today too. Well, I'll keep an eye out for it (I might check around the internet, see what I can find). Appreciate the info though.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #3
    Junior Member
    Join Date
    Nov 2002
    Posts
    4
    This might be particuliarly scary, since my most frequent backdoor visitor is from Seoul, Korea. I will check Symantec.com frequently for the update.
    Thanks for the warning.

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Just to clarify, this info came from a security forum. I gather the poster is acquainted with people at Dr. Web. I checked their website but found nothing. Since this trojan only showed itself less than 24 hrs ago, I guess that's reasonable. Checking several other av sites turned up nothing either.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The latest backdoor on Norton's site is Backdoor.Assasin.C as of 22/11/02.

    There is already a virus names seoul but it is very old and is a bootsector infector tranmitted by floppies...... I think I remember those types...... Old age is a terrible thing....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    I found that old one, Tiger Shark and am still trying to find out about this new one. This thing, from what I know (which ain't much) is brand new as of 11-21, not seen before in the wild and I hope Dr. Web AV hasn't generated a false alarm. Or, maybe I should hope they have.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •