Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Deja Vu - Request for W32.Pasobir Malware Sample - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Deja Vu - Request for W32.Pasobir Malware Sample
If any of ISC participants have a sample of W32.Pasobir we'd really appreciate a submission via our contact page.

Thanks!

**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:

[DRIVE LETTER]:\sxs.exe

Creates the following file containing instructions to start the worm when the drive is attached to the system:

[DRIVE LETTER]:\autorun.inf"
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!