Re: mIRC Zombie, port 445

• Previous message: Tino Didriksen: "Re: mIRC Zombie, port 445"
• Maybe in reply to: Tino Didriksen: "mIRC Zombie, port 445"
• Next in thread: Wim Mees: "strange traffic"
• Next in thread: Andreas Str|m: "Re: mIRC Zombie, port 445"
• Reply: Wim Mees: "strange traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Tino Didriksen <sfoat_private> wrote at 19 Jan 2003 02:03:38 -0000:

>I have observed a zombie/trojan on a zombie IRC network that apparently
>infects vulnerable computers through port 445.

The backdoor uses Sysinternals' psexec tool to run itself in the destination
host. The connection is attempted several times, with a predefined list of
username and password combinations.

Further information is available in our description at:
	http://www.f-secure.com/v-descs/novabot.shtml

F-Secure Anti-Virus detects the backdoor with the current updates.

Regards,
	Sami

-- 
Sami Rautiainen                         F-Secure Corporation
Senior Virus Researcher                 Anti-Virus Research Team
tel. +358 9 2520 5656                   http://www.F-Secure.com

             Securing the Mobile, Distributed Enterprise

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: Andreas Str|m: "Re: mIRC Zombie, port 445"
• Previous message: Tino Didriksen: "Re: mIRC Zombie, port 445"
• Maybe in reply to: Tino Didriksen: "mIRC Zombie, port 445"
• Next in thread: Wim Mees: "strange traffic"
• Next in thread: Andreas Str|m: "Re: mIRC Zombie, port 445"
• Reply: Wim Mees: "strange traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 11:38:27 PST