Sample needed - of Spybot.ZIF, which scans for vulnerable Cisco Routers

Published: 2005-11-02
Last Updated: 2005-11-02 20:40:02 UTC
by Patrick Nolan (Version: 3)
0 comment(s)
According to Symantec, W32.Spybot.ZIF "allows a remote attacker" to, among other things, "Scan a specified network range for Cisco routers that may have vulnerable Telnet or HTTP servers running and report results back to IRC."

If anyone catches a sample of this one please upload it through our contact page. Thanks!

Thanks to Jakob S for sending us the sample.

It's MD5 sum is:

2ec1fa5fca52b9c36bddea3511178882  svcdata.exe

so if you have a different sample let us know.
For what it's worth, Symantec detects this as W32.Spybot.ZIF while Kaspersky detects it as Backdoor.Win32.Rbot.adf.
0 comment(s)


Diary Archives