Message-ID: <47190000.1086386745@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: another new worm submission
--On Friday, June 04, 2004 03:55:05 PM -0500 insecure
<insecure@...ritech.net> wrote:
>
> McAfee 7.1.0 with DAT 4364 (6/2/04) detects it as BackDoor-CCT. This is
> not a worm, it's a trojan. Your systems are being remotely compromised,
> possibly with an auto-rooter targeting the lsass vulnerability, which
> instructs the compromised system to download, install, and run this
> trojan. This trojan includes a keystroke logger, and additional
> components that you seem to have missed. Assume that system and any web
> site passwords have been compromised. Warn the users of these systems
> that unless they change any financial site passwords they are likely to
> be victims of theft.
>
> How are these systems getting compromised? Why don't you have this patch
> deployed yet? Why are these systems reachable from the Internet over port
> 445?
>
For someone who knows nothing about his network, you sure are willing to
make a lot of assumptions. You admit you don't know how the systems were
compromised and you don't know what compromised them, yet you castigate him
for leaving port 445 open and not patching and you assume this happened
*remotely*?
> You've got more problems than new worms.
>
One of which is miserable comforters.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/