lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0403301901530.19535-100000@mailbox.prolocation.net> From: raymond at prolocation.net (Raymond Dijkxhoorn) Subject: New Win32 Worm regsvc32.exe offers rootkit features Hi! > my girlfriend got a new? worm on her win2k desktop. > The worm is quite aggressive in spreading, netstat -a did not find an > end, i expect it to be a phatbot/agobot4 fork > seems like it invaded on port 1025, i dont know which services were > offerd there, but i saw several connections to port 1025. Yes it is, there are a zillion variants of this bot. > definitions via web, and scanned ... > No viruses were found. We submitted new samples to f-prot yesterday, they are working on those. Could you try to scan with clamscan, it detected the ones we found. > Markus Koetter > > please mail me for the binary, im really intrested in a analysis report. Please do, make it password protected please, then i can compare it with the ones we found. Thanks, Raymond.
Powered by blists - more mailing lists