-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just found a trojan backdoor virus on my system, and when I hexdumped the file, I found the domain name http://2001-007.com/ referenced in it (about 3/4 of the way down the file)... It looks as if the trojan virus is submitting information to this domain name (but I cannot say with 100% certainty yet, since I have not set up a honeypot machine, infected it, and tcpdumped the network traffic).

I have sent emails to vuln-devat_private previously (and Cc'd this email) and posted all relevant information on my website http://furt.com/grokster/ (I have attached the relevant binaries also), along with the two infected binaries (where you can verify for yourself that 2001-007.com is in fact the domain referenced).

I ask for your help and cooperation in verifying whether or not this domain name is collecting user information submitted by the backdoor trojan that infected me, or in fact, finding any information about the website or its owner (as the phone number given in the Whois information is not correct; a person claiming to NOT be John Casey answered the telephone and said that he had never heard of John Casey).

I thank you for your time.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPCvRc8aXTGgZdrSUEQLx/wCfVacXBNbK51tEQx/7iR5gqZHPJTIAoIU+
KXXa9gVsg9PdbrBd8PdLBKK8
=axT7
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 20:10:35 PST