Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Haxdoor.KI Deja Vu - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Haxdoor.KI Deja Vu
F-Secure has updated their description of Haxdoor.KI to note "The skyinet.info website (located in Russia) that the backdoor connects to, is now offering a URL that points to a file named samki.exe. This file contains a nasty payload that damages Windows beyond repair. This file can be downloaded and launched by a hacker to destroy all infected computers when time comes." . Their original blog alert info is here.
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!