Re: mIRC Zombie, port 445
From: Sami Rautiainen (Sami.Rautiainen@F-Secure.com)
Date: 01/22/03
- Previous message: Tino Didriksen: "Re: mIRC Zombie, port 445"
- Maybe in reply to: Tino Didriksen: "mIRC Zombie, port 445"
- Next in thread: Wim Mees: "strange traffic"
- Reply: Wim Mees: "strange traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Jan 2003 17:15:39 +0200 From: Sami Rautiainen <Sami.Rautiainen@F-Secure.com> To: incidents@securityfocus.com
Hello,
Tino Didriksen <sfo@projectjj.dk> wrote at 19 Jan 2003 02:03:38 -0000:
>I have observed a zombie/trojan on a zombie IRC network that apparently
>infects vulnerable computers through port 445.
The backdoor uses Sysinternals' psexec tool to run itself in the destination
host. The connection is attempted several times, with a predefined list of
username and password combinations.
Further information is available in our description at:
http://www.f-secure.com/v-descs/novabot.shtml
F-Secure Anti-Virus detects the backdoor with the current updates.
Regards,
Sami
-- Sami Rautiainen F-Secure Corporation Senior Virus Researcher Anti-Virus Research Team tel. +358 9 2520 5656 http://www.F-Secure.com Securing the Mobile, Distributed Enterprise ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Next message: Andreas Str|m: "Re: mIRC Zombie, port 445"
- Previous message: Tino Didriksen: "Re: mIRC Zombie, port 445"
- Maybe in reply to: Tino Didriksen: "mIRC Zombie, port 445"
- Next in thread: Wim Mees: "strange traffic"
- Reply: Wim Mees: "strange traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
