Re: Trojan? DDOS Bot?

From: Mike Parkin (mparkinat_private)
Date: Tue Aug 27 2002 - 11:56:53 PDT

    You appear to have been infected with one of a variety of Trojans - like
    BO, NetBus, Sub7, etc.  Can't tell from the ports you show, since many of
    the trojans are configurable for responses, U@H values when connecting to
    IRC, listening ports, etc.
    
    I've seen that same thing from the IRCAdmin side of the equation many
    times.  We used to set up in the "target" channel and wait for the organic
    to show up and claim its bots.  Unfortunately, even when we'd dealt with
    him, we'd often see stragglers from his botnet for weeks to come.
    
    Advice - get some scanning software appropriate for your OS (Sorry, no
    recommendation - I'm an *IX guy) and find the trojan.
    
    
    Mike Parkin
    Cisco Systems, Inc.
    Information Security
    SysAdmin/NetAdmin
    
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 13:12:55 PDT