RE: strange ftp site

From: David E. Mollico Jr (dmollico_at_MOLLICO.com)
Date: 10/30/03

  • Next message: David Gillett: "RE: [inbox] RE: Bogus DNS traffic"
    Date: Thu, 30 Oct 2003 10:25:29 -0600
    To: "info hunter" <sp3ct0r@yahoo.com>, <incidents@securityfocus.com>
    
    

    I would stay very far away from this website. It looks like those DLLs
    have interaction with the kernel file. I'd build a test computer and run
    it on there to see what it will do.

    -----Original Message-----
    From: info hunter [mailto:sp3ct0r@yahoo.com]
    Sent: Thursday, October 30, 2003 9:24 AM
    To: incidents@securityfocus.com
    Subject: strange ftp site

    Excuse my ignorance but need some help here.

    Anyone know anything about this ftp site ftp://66.159.219.196

    Noticed a firewall log showing a system hitting this address. There
    seems to be an exe and some DLLs. When running the exe a dialog
    box named test pops up and displays the text "if you can see this, email
    eric".

    Sam Spade showed a badly configured DNS. Would appreciate any input on
    this. It may be completely benign or maybe even just legit. Just seems
    strange or I may be just paranoid.

    ------------------------------------------------------------------------

    ---
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ------------------------------------------------------------------------
    
