lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: Backdoor.Sdbot.N Question

Sounds like you probably got hit with a custom packed/encrypted version
of sdbot.  Most likely vector of attack was the newish IE <object> tag
exploit.
 
Nick J.

	-----Original Message----- 
	From: James Patterson Wicks 
	Sent: Mon 9/8/2003 1:18 PM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: [Full-Disclosure] Backdoor.Sdbot.N Question
	
	

	Anyone know how Backdoor.Sdbot.N spreads?  This morning we had
several users pop up with this trojan (or a new variant).  These users
generated a ton of traffic until their machines were unplugged from the
network.  There systems have all the markers for the Backdoor.Sdbot.N
trojan (registry entries, etc), but was not picked up by the Norton
virus scan.  In fact, even it you perform a manual scan after the trojan
was discovered, it is still not detected in the scan.
	
	I would also like to know if this is also an indicator of not
having the patch for the Blaster worm.
	
	This e-mail is the property of Oxygen Media, LLC.  It is
intended only for the person or entity to which it is addressed and may
contain information that is privileged, confidential, or otherwise
protected from disclosure. Distribution or copying of this e-mail or the
information contained herein by anyone other than the intended recipient
is prohibited. If you have received this e-mail in error, please
immediately notify us by sending an e-mail to postmaster@...gen.com and
destroy all electronic and paper copies of this e-mail.
	
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html
	

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4890 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030908/269194ad/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ