On Thu, 20 Jun 2002, Kelly Brown wrote: > Did you look at the website. They straight out say... If anyone has any questions about ongoing on Undernet, especially when it comes to trojan & virus removal, Grr8ful (grr8fulat_private) and puppet (puppetat_private) can certainly answer any questions you may have. These two along with several others have been at this sort of thing for many years on Undernet. > > Kelly Brown > Unix System Administrator > Ericsson CDMA Systems > > On Thu, 20 Jun 2002, cw wrote: > > > Hi there folks, > > Twice in the past hour I have been messaged by two separate people on > > UnderNet. > > > > The message goes: > > :!Notice!: A Recent Port Scan on your Computer reveals that Port 1800 > > is in open state. This usually means that you have been infected with > > an IRC Worm Virus. Please download the cleaner at: > > http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from > > your system. If you do not comply with this rule within 30 minutes, > > our client monitor will ban you from this network. -Thanks For > > Understanding. UNDERNet Exploit Team > > > > The nicks have both been Under-XXX (where XXX is a different set of > > numbers). > > > > For one, I know that port 1800 is not open however the file > > Worm1800.exe does not show up anything when scanned. > > > > Both of the users that messaged me were on pacbell.net adsl > > > > The domain no-hack.us was only registered 6 days ago. > > > > I don't have the spare time or computer to have a further look into > > what this file actually does, has anyone come across this yet and > > know what it does or is anyone willing to investigate? > > -- > > O- cw, cwat_private on 20/06/2002 > > "Part man, part monkey. Baby that's me" > > > > > > ---------------------------------------------------------------------------- > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ================================================= Travis www.cyberabuse.org/crimewatch Email: Bonkat_private | Bonkat_private ================================================= /"\ \ / X ASCII Ribbon Campaign / \ Against HTML Email ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 11:22:34 PDT