| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jade.deane at riven.net (Jade E. Deane) Subject: Backdoor.Sdbot.N Question Put a sniffer on the offending workstations, see what you get. Regards, Jade On Mon, 2003-09-08 at 17:59, James Patterson Wicks wrote: > Update: Looked at the firewall and saw that some systems were trying to contact outside systems on ports 135 and 445. It looks and acts like "W32.HLLW.Gaobot.AA", but it would have to be some sort of variant due to the change in the file names. Whatdoyathink? > > -----Original Message----- > From: James Patterson Wicks > Sent: Monday, September 08, 2003 4:18 PM > To: full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] Backdoor.Sdbot.N Question > > > Anyone know how Backdoor.Sdbot.N spreads? This morning we had several users pop up with this trojan (or a new variant). These users generated a ton of traffic until their machines were unplugged from the network. There systems have all the markers for the Backdoor.Sdbot.N trojan (registry entries, etc), but was not picked up by the Norton virus scan. In fact, even it you perform a manual scan after the trojan was discovered, it is still not detected in the scan. > > I would also like to know if this is also an indicator of not having the patch for the Blaster worm. > > This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- PGP Public Key: http://www.riven.net/~moose/key.asc Key fingerprint = C497 1FEC 6FC4 6896 6AB5 9A26 71DF 521B 0612 D1B8 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030908/407aa982/attachment.bin
Powered by blists - more mailing lists