Re: Not Sasser?!

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 08/27/04


Date: Thu, 26 Aug 2004 19:45:32 -0600

Greetings --

    Thanks for the information.

Bruce Chambers

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on 
having both at once. - RAH
"BG250" <anon@anon.com> wrote in message 
news:10irifa5geu8a4@corp.supernews.com...
> When I sent it to AVG, they replied:
>
> Hello,
> it's a new Backdoor.Sdbot. It will be detected by next
> update. Thank you for sending.
>
> When they got the update out, I scanned the file and AVG called it:
> IRC/BackDoor.SdBot.47.1
>
> Its behavior seems similar to Sasser. I thought it was interesting how it
> caused the LSASS error with the 60 second shutdown warning without actually
> planting itself on the particular machine. It would also max out the open
> sessions of the router. After I removed the file and registry entries from
> the two computers, there were no more shutdowns and router sessions went
> back down to minimal. Prior to Monday, nothing I tried would detect the
> file.
>
> Of course, the OP could have the new Sasser worm or something with similar
> behavior.
> Ben G
>