lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: keydet89 at yahoo.com (Harlan Carvey) Subject: anyone seen this worm/trojan before? Josh, I tried to download the archive, and McAfee alerted me to "W32/Sdbot.worm.gen.g". From: http://www.sophos.com/virusinfo/analyses/w32sdbotcf.html "W32/SdBot-CF spreads to other computers on the local network protected by weak passwords." > I found this worm/ trojan on a laptop. Ran FPort and > found the .exe. I checked out your web site...don't you think that the information you found via fport would be useful to others, such as the port, etc? > Doesn't look like it propagates to other machines > but rather communicates > with a compromised > web companies server using IRC. The compromised > server has removed the IRC > service. Only sends RST packets back. > > I put it on my site. > > http://www.packetfocus.com/analysis.htm > > I would like to know the attack vectors. I'm > guessing LSASS.
Powered by blists - more mailing lists