Thread: Pangolin. Backdoor?

  1. #1
    Member
    Join Date
    Jan 2008
    Posts
    30

    Pangolin. Backdoor?

    Has anybody else come across this SQL injector, written by Zwell? The general consensus is that although it works, there is a backdoor in the program. And when you scan it, it detects an IRC bot. Although according to a mailing list (can't remember which one) some posters said they checked everything out and it didn't modify their computer or communicate with an outside server (although it could just be the author saying this...). Anyway, here's the link if you want to check it out, and anyone else that has heard of it before, do you know where to get the source code?
    The original link doesn't seem to be working; here it is uploaded here.
    http://www.megaupload.com/?d=0UNAK1K4

    WARNING MAY (OR MAY NOT?) CONTAIN A BACKDOOR

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    WARNING................. that upload site pops a dating service advert........... you may not want that to happen depending on where you are?

    This might help:

    http://www.virustotal.com/analisis/0...c57a8ab00e145c

    http://www.virustotal.com/analisis/b...cda3fe708b1bd7

    But AV utilities tend to do that with several security analysis tools, and some even complain if they find UPX.

    The author won't release the source so it boils down to whether or not you trust compiled binaries from him.

  3. #3
    Member
    Join Date
    Jan 2008
    Posts
    30
    Yeah, I also heard from someone that if you unpack with UPX and scan again, it's clean, but I haven't tried this yet. I might do this now.
    Oh right, I've just realised that's what you've done above. But what significance does this have? Does it prove it isn't a virus? Also, what could I do to monitor the program and make sure it isn't writing to the registry or communicating with an outside server? Is there any software useful for this?
    Last edited by shad0w7; April 8th, 2008 at 06:52 PM.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Sorry for the delay, I have been entertaining relatives.

    This site has some stuff I have used for years:

    http://www.diamondcs.com.au/

    RegistryProt and Process Guard for starters

    I also use SpyBot S&D with "teatimer" and immunisation. Get SpywareBlaster as well; they work together.

    WinPatrol from BillP Studios is another one that I use.

    http://www.winpatrol.com/

    You might also look at virtual machine environments and sandboxes?

    Personally, I have a few old boxes that I run as standalones to test stuff with. You can get Durons, Athlons, PIIs and PIIIs for next to nothing these days.

    Yes, I am a cheap bastard, which is why I recommend free stuff.
