Re: [Full-Disclosure] anyone seen this worm/trojan before?
From: Harlan Carvey (keydet89_at_yahoo.com)
To: email@example.com Date: Thu, 3 Jun 2004 12:24:36 -0700 (PDT)
I tried to download the archive, and McAfee alerted me
"W32/SdBot-CF spreads to other computers on the local
network protected by weak passwords."
> I found this worm/ trojan on a laptop. Ran FPort and
> found the .exe.
I checked out your web site...don't you think that the
information you found via fport would be useful to
others, such as the port, etc?
> Doesn't look like it propagates to other machines
> but rather communicates
> with a compromised
> web companies server using IRC. The compromised
> server has removed the IRC
> service. Only sends RST packets back.
> I put it on my site.
> I would like to know the attack vectors. I'm
> guessing LSASS.
Full-Disclosure - We believe in it.