Re: strange ftp site

• Previous message: Jeff Kell: "Re: Large increase in port 27347"
• Maybe in reply to: info hunter: "strange ftp site"
• Next in thread: Andre Ludwig: "RE: strange ftp site"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 30 Oct 2003 22:41:12 -0000
To: incidents@securityfocus.com

     Thanks for the info. Any ideas on the exe? I noticed alot of get commands. What do you think this site is trying to attempt to do? set up for spam or maybe trojanize the system.

>Received: (qmail 17055 invoked from network); 30 Oct 2003 20:40:26 -0000
>Received: from outgoing2.securityfocus.com (205.206.231.26)
> by mail.securityfocus.com with SMTP; 30 Oct 2003 20:40:26 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id 505268F929; Thu, 30 Oct 2003 07:45:00 -0700 (MST)
>Mailing-List: contact incidents-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <incidents.list-id.securityfocus.com>
>List-Post: <mailto:incidents@securityfocus.com>
>List-Help: <mailto:incidents-help@securityfocus.com>
>List-Unsubscribe: <mailto:incidents-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:incidents-subscribe@securityfocus.com>
>Delivered-To: mailing list incidents@securityfocus.com
>Delivered-To: moderator for incidents@securityfocus.com
>Received: (qmail 20841 invoked from network); 30 Oct 2003 10:13:52 -0000
>Subject: RE: strange ftp site
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Content-Transfer-Encoding: quoted-printable
>Date: Thu, 30 Oct 2003 10:25:29 -0600
>Message-ID: <6131CAE46FD8494BA0A3E48698FF775B2132@mollico.com>
>Content-class: urn:content-classes:message
>X-MS-Has-Attach:
>X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
>X-MS-TNEF-Correlator:
>Thread-Topic: strange ftp site
>Thread-Index: AcOfAMs1Iq2iAZztQ2KAwylGDGWAygAAZICQ
>From: "David E. Mollico Jr" <dmollico@MOLLICO.com>
>To: "info hunter" <sp3ct0r@yahoo.com>, <incidents@securityfocus.com>
>X-Virus-Scanned: Symantec AntiVirus Scan Engine
>
>I would stay very far away from this website. It looks like those dll's
>have interaction with the kernel file. I'd build a test computer and run
>it on there to see what It will do.
>
>-----Original Message-----
>From: info hunter [mailto:sp3ct0r@yahoo.com]=20
>Sent: Thursday, October 30, 2003 9:24 AM
>To: incidents@securityfocus.com
>Subject: strange ftp site
>
>
>
>Excuse my ignorance but need some help here.
>
>Anyone know anything about this ftp site ftp://66.159.219.196
>
>Noticed a firewall log showing a system hitting this address . Their
>seems to be an exe and and some dll's. When running the exe a dialog
>box named test pops up and displays the text "if you can see this, email
>eric".
>
>Sam spade showed a badly configured dns. Would appreciate any input on
>this. It may be completly benign or maybe even just legit. Just seems
>strange or I may be just paranoid.
>
>------------------------------------------------------------------------
>---
>Network with over 10,000 of the brightest minds in information security
>at the largest, most highly-anticipated industry event of the year.
>Don't miss RSA Conference 2004! Choose from over 200 class sessions and
>see demos from more than 250 industry vendors. If your job touches
>security, you need to be here. Learn more or register at
>http://www.securityfocus.com/sponsor/RSA_incidents_031023
>and use priority code SF4.
>------------------------------------------------------------------------
>----
>
>
>---------------------------------------------------------------------------
>Network with over 10,000 of the brightest minds in information security
>at the largest, most highly-anticipated industry event of the year.
>Don't miss RSA Conference 2004! Choose from over 200 class sessions and
>see demos from more than 250 industry vendors. If your job touches
>security, you need to be here. Learn more or register at
>http://www.securityfocus.com/sponsor/RSA_incidents_031023
>and use priority code SF4.
>----------------------------------------------------------------------------
>
>

---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------

• Previous message: Jeff Kell: "Re: Large increase in port 27347"
• Maybe in reply to: info hunter: "strange ftp site"
• Next in thread: Andre Ludwig: "RE: strange ftp site"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]