Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Deja Vu - Request for W32.Pasobir Malware Sample SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Deja Vu - Request for W32.Pasobir Malware Sample
If any of ISC participants have a sample of W32.Pasobir we'd really appreciate a submission via our contact page.

Thanks!

**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:

[DRIVE LETTER]:\sxs.exe

Creates the following file containing instructions to start the worm when the drive is attached to the system:

[DRIVE LETTER]:\autorun.inf"
Patrick

193 Posts
Sep 26th 2006

Sign Up for Free or Log In to start participating in the conversation!