Hello, Tino Didriksen <sfoat_private> wrote at 19 Jan 2003 02:03:38 -0000: >I have observed a zombie/trojan on a zombie IRC network that apparently >infects vulnerable computers through port 445. The backdoor uses Sysinternals' psexec tool to run itself in the destination host. The connection is attempted several times, with a predefined list of username and password combinations. Further information is available in our description at: http://www.f-secure.com/v-descs/novabot.shtml F-Secure Anti-Virus detects the backdoor with the current updates. Regards, Sami -- Sami Rautiainen F-Secure Corporation Senior Virus Researcher Anti-Virus Research Team tel. +358 9 2520 5656 http://www.F-Secure.com Securing the Mobile, Distributed Enterprise ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 11:38:27 PST