More on Registry Concealment; suspected Zotob author arrested

Published: 2005-08-26
Last Updated: 2005-08-27 17:26:40 UTC
by Toby Kohlenberg (Version: 1)
Long Registry Value Name Update

We keep receiving updates about the long registry value name issues. For some products, you may only see alerts if the value associated with a long registry name matches given signatures; alerts may not be generated merely for the presence of a long registry value name.

Spybot-S&D is able to check values with long names. RegAlyzer 1.1 and Spybot-S&D 1.4 (under the tools -> System Startup section in advanced mode) both do, in fact, see the values with long names and all subsequent values.

Also, note that the Cygwin ls tool mentioned yesterday will show the long value names, but complain about "filename too long".

All Seeing Eye from Fortego has been reported to catch the overly long registry value names properly.

WARNING - Tom Liston's tool for looking for long registry value names WILL PEG YOUR PROCESSOR. Get over it.
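As an added example (not code from this diary, from Tom Liston's tool, or from any of the products named above), the script below shows the defender's check the section is about: walk every value in a key, flag any whose name exceeds a length threshold, and report how many values sit after it, since a tool that stops at the long name will have missed those too. It parses a constructed `.reg` export so it runs anywhere; on Windows it can also enumerate a key live through `winreg`. The threshold of 254 characters and the sample key path are assumptions, not values taken from the diary.

```python
"""Flag registry values whose names are suspiciously long.

Added example, not from the ISC diary. Works on a .reg export (decode the
file from UTF-16 first if it came straight from regedit) and, on Windows,
on a live key via winreg.
"""
import re
import sys

# Assumed threshold: names longer than this are treated as suspicious.
LONG_NAME_THRESHOLD = 254

# "name"=data  (name may contain escaped quotes/backslashes)
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse a Windows Registry Editor export into
    {key_path: [(value_name, raw_data), ...]} preserving value order.
    '@' is the default value (name ''); hex data continued with a trailing
    backslash is joined back into one string."""
    keys = {}
    current = None
    pending = None  # [name, partial_data] while a hex value spans lines
    for raw in text.splitlines():
        line = raw.rstrip()
        if pending is not None:
            pending[1] += line.strip().rstrip("\\")
            if not line.endswith("\\"):
                keys[current].append((pending[0], pending[1]))
                pending = None
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        if line.startswith("@="):
            name, data = "", line[2:]
        else:
            m = _VALUE_LINE.match(line)
            if not m:
                continue
            name = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
            data = m.group(2)
        if data.endswith("\\"):
            pending = [name, data.rstrip("\\")]
        else:
            keys[current].append((name, data))
    return keys


def find_long_value_names(keys, threshold=LONG_NAME_THRESHOLD):
    """Return [(key_path, name_length, index, values_after)] for every value
    whose name exceeds the threshold. values_after is how many values follow
    it in the key: a viewer that stops enumerating at the long name would not
    show those either."""
    hits = []
    for path, values in keys.items():
        for idx, (name, _data) in enumerate(values):
            if len(name) > threshold:
                hits.append((path, len(name), idx, len(values) - idx - 1))
    return hits


def enumerate_key_live(root, subkey):
    """Windows only: list (name, data) for a key with winreg, which returns
    the full value name, so the result can be compared with what a GUI
    viewer displays."""
    import winreg  # present only on Windows
    values = []
    with winreg.OpenKey(root, subkey) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:  # no more values
                break
            values.append((name, data))
            index += 1
    return values


# Constructed sample export: one ordinary value, one 300-character name,
# one value after it, and a multi-line hex value.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Run]\n"
    '"Updater"="C:\\\\Program Files\\\\Example\\\\update.exe"\n'
    '"' + "A" * 300 + '"="C:\\\\Windows\\\\Temp\\\\hidden.exe"\n'
    '"AfterTheLongOne"="C:\\\\tools\\\\later.exe"\n'
    '"Blob"=hex:00,01,\\\n'
    "  02,03\n"
)

if __name__ == "__main__":
    keys = parse_reg_export(SAMPLE_REG)
    for path, length, idx, after in find_long_value_names(keys):
        print(f"{path}: value #{idx} has a {length}-char name; {after} value(s) follow it")
    if sys.platform == "win32":
        import winreg
        # Assumed path for a live check; adjust to the key under investigation.
        live = enumerate_key_live(winreg.HKEY_LOCAL_MACHINE,
                                  r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
        for path, length, idx, after in find_long_value_names({"live": live}):
            print(f"live key: value #{idx} has a {length}-char name; {after} follow it")
```

The comparison that matters is between `enumerate_key_live` (full names from the API) and whatever the viewer you normally trust displays; a mismatch in the count of values is the signal, independent of whether the data itself matches any signature.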

Zotob arrests in Turkey and Morocco


"The arrest of the eighteen year-old hacker occurred upon the request of FBI, which traced virus back to a website in Morocco, DGSN said.

According to primary investigation, the hacker had accomplices in Turkey, the motive was financial, and he acted in connivance with groups specialised in bankcards forgery."

The two hackers "Diabl0" (Farid Essebar) and "Coder" (Atilla Ekici) are suspected of being responsible for a number of Mytob and Zotob variants.

