The mutant was distributed among end-users, and some of them even installed it. The cause for writing it is the decree of the Bulgarian Committee for Post and telecommunications to license ISPs. More details about it can be seen at http://www.isoc.bg/kpd/ (there's an English version, too). I already said publicly here, that such a "reaction" is causing problems to Infotel, but not to the people who created the decree. regards, Veni Markovski, Chairmain, the Internet Society - Bulgaria, http://www.isoc.bg, http://www.bol.bg/isoc/ phone: (+359-2) 9809666, phone/fax (+359-2) 9806431 mailing address: p.o.box 71, Sofia 1164, Bulgaria >We have discovered two mutants to the ie0199.exe trojan. > >In the first mutant, the targetted host was hpns.infotel.bg, rather than >www.infotel.bg. It seems to look at only a handful of well known sockets. > >The second mutant is more malicious. It generates random IP addresses in >the 212.39 and 195.138 address spaces, with socket numbers in a range of 1-199. > >Neither mutant touched the sndvol32.exe file. > >Someone really has it out for infotel.bg. > >[ Jim Wamsley, Network Engineering ] >[ StorageTek 2270 S. 88th St, M.S. 4380, Louisville, CO 80028 ] >[ Audible: (303) 673-8163 Logical jim_wamsleyat_private ] >[ Sed quis custodiet ipsos custodes - Juvenal, C. 100 C.E ]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:29 PDT