Did you look at the website. They straight out say... This Site was designed to help infected IRC users to find proper information, the author does not accept any liability for any damage, loss of data or loss of service caused by the use or misuse of this site. Use at your own risk. I don't know how you can misuse a website designed to infect people... Anyway it looks like somebody connected with nohack.net may have something to do with it. If you are want to follow up you may want to email webteamat_private as they are referenced in the web page source code. Maybe they can get the web site removed... I doubt it but you never know. Kelly Brown Unix System Administrator Ericsson CDMA Systems On Thu, 20 Jun 2002, cw wrote: > Hi there folks, > Twice in the past hour I have been messaged by two separate people on > UnderNet. > > The message goes: > :!Notice!: A Recent Port Scan on your Computer reveals that Port 1800 > is in open state. This usually means that you have been infected with > an IRC Worm Virus. Please download the cleaner at: > http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from > your system. If you do not comply with this rule within 30 minutes, > our client monitor will ban you from this network. -Thanks For > Understanding. UNDERNet Exploit Team > > The nicks have both been Under-XXX (where XXX is a different set of > numbers). > > For one, I know that port 1800 is not open however the file > Worm1800.exe does not show up anything when scanned. > > Both of the users that messaged me were on pacbell.net adsl > > The domain no-hack.us was only registered 6 days ago. > > I don't have the spare time or computer to have a further look into > what this file actually does, has anyone come across this yet and > know what it does or is anyone willing to investigate? > -- > O- cw, cwat_private on 20/06/2002 > "Part man, part monkey. Baby that's me" > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 16:06:17 PDT