Re: W2K Compromise - PipeCmdSrv

From: woofzat_private
Date: Tue Oct 08 2002 - 16:40:44 PDT

Next message: sunzi: "Re: Forensics CD (was: Re: Strange Folder"

Previous message: Sam Campbell: "RE: Unusual volume: UDP:137 probes"
Maybe in reply to: Philip: "W2K Compromise - PipeCmdSrv"
Next in thread: sfustonat_private: "Re: W2K Compromise - PipeCmdSrv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <20021008001826.2454.qmailat_private> Finally found that my payload is related to IRC GTBot/Aristotles Trojan horse virus , a GT Bot Aurora.d variant i guess ,that come with the same explored.exe file. More info @ http://golcor.tripod.com/gtbot.htm & i have alerted the author there on our message thread here. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Next message: sunzi: "Re: Forensics CD (was: Re: Strange Folder"
Previous message: Sam Campbell: "RE: Unusual volume: UDP:137 probes"
Maybe in reply to: Philip: "W2K Compromise - PipeCmdSrv"
Next in thread: sfustonat_private: "Re: W2K Compromise - PipeCmdSrv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 20:54:53 PDT