Signature Detail

Short Name	TROJAN:MISC:WINCRASH10-SRV-RDY
Severity	Medium
Recommended	No
Category	TROJAN
Keywords	trojan backdoor windows microsoft wincrash
Release Date	2004/01/14
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: WinCrash 1.0 Server Ready

This signature detects the "ready banner" from WinCrash 1.0, a remote backdoor control program. Attackers can use WinCrash to completely control an infected Microsoft Windows host.

Extended Description

WinCrash is a remote administration tool that enables remote attackers to control an infected machine without the knowledge of the victim.

References

CVE: CVE-1999-0660
URL: http://www.f-secure.com/v-descs/wincrash.shtml
URL: http://www.pestpatrol.com/pestinfo/w/wincrash.asp
URL: http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.wincrash.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

TROJAN: WinCrash 1.0 Server Ready

Extended Description

References