Comments on: Tracking Coreflood from Shellcode http://blog.threatfire.com/2008/06/tracking-coreflood-from-shellcode.html ThreatFireâ„¢ AntiVirus protects when others can't Sun, 14 Mar 2010 19:21:30 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: ThreatFire Blogger http://blog.threatfire.com/2008/06/tracking-coreflood-from-shellcode.html/comment-page-1#comment-38 ThreatFire Blogger Tue, 01 Jul 2008 16:34:00 +0000 http://newblog.threatfire.com/2008/06/tracking-coreflood-from-shellcode/#comment-38 Heya Willy:<br/><br/>Robert Vamosi commented on Joe Stewart's post here:<br/>http://news.cnet.com/8301-10789_3-9981248-57.html<br/><br/>And Joe Stewart posted some info on Coreflood's use of Sysinternals' PsExec tool, to spread within a company on systems using domain admin accounts. Also, your question about infostealing is answered here as well:<br/>http://www.secureworks.com/research/threats/coreflood/?threat=coreflood<br/><br/>And Willy, Charlie got the golden ticket, but family will make you happy. Sometimes at least. Heya Willy:

Robert Vamosi commented on Joe Stewart’s post here:
http://news.cnet.com/8301-10789_3-9981248-57.html

And Joe Stewart posted some info on Coreflood’s use of Sysinternals’ PsExec tool, to spread within a company on systems using domain admin accounts. Also, your question about infostealing is answered here as well:
http://www.secureworks.com/research/threats/coreflood/?threat=coreflood

And Willy, Charlie got the golden ticket, but family will make you happy. Sometimes at least.

]]> By: Willy Wonka http://blog.threatfire.com/2008/06/tracking-coreflood-from-shellcode.html/comment-page-1#comment-35 Willy Wonka Sun, 29 Jun 2008 14:32:00 +0000 http://newblog.threatfire.com/2008/06/tracking-coreflood-from-shellcode/#comment-35 Can you please post more detail about the information it gathers from the host and then posts?<br/><br/>Thanks Can you please post more detail about the information it gathers from the host and then posts?

Thanks

]]> By: Willy Wonka http://blog.threatfire.com/2008/06/tracking-coreflood-from-shellcode.html/comment-page-1#comment-33 Willy Wonka Fri, 27 Jun 2008 04:03:00 +0000 http://newblog.threatfire.com/2008/06/tracking-coreflood-from-shellcode/#comment-33 Any chance that you guys have been able to figure out how it would spread inside a company? Would it use net view or query against network neighboorhood or something like that to figure out where to propagate? <br/><br/>Thanks Any chance that you guys have been able to figure out how it would spread inside a company? Would it use net view or query against network neighboorhood or something like that to figure out where to propagate?

Thanks

]]>