Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Haxdoor.KI Deja Vu SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Haxdoor.KI Deja Vu
F-Secure has updated their description of Haxdoor.KI to note "The website (located in Russia) that the backdoor connects to, is now offering a URL that points to a file named samki.exe. This file contains a nasty payload that damages Windows beyond repair. This file can be downloaded and launched by a hacker to destroy all infected computers when time comes." . Their original blog alert info is here.

193 Posts
Aug 26th 2006

Sign Up for Free or Log In to start participating in the conversation!