Firewall Wizards mailing list archives

Re: sndvol.exe


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Sat, 20 Mar 1999 10:02:46 -0800


Yea, the Bulgarians have been creating trojans to
attack a Bulgarian ISP they don't like.  I think
this one was e-mailed to people pretending
to be "Your Internet Explorer Updgrade".
I think the executable was IE1099.EXE or something
similar.  A web search or check with the antivirus
vendors ought to turn it up.

I also believe most of the antivirus vendors will catch
it if you've got the latest versions.

                         Ryan





"Randy Garbrick" <garbrir () hotmail com> on 03/18/99 04:33:06 PM

Please respond to "Randy Garbrick" <garbrir () hotmail com>

To:   firewall-wizards () nfr net
cc:    (bcc: Ryan Russell/SYBASE)
Subject:  sndvol.exe




Has anyone noticed a Trojan horse called sndvol.exe that replaces the
Win NT/9X sndvol.exe and then does a continuous port scan from inside a
firewall to multiple outside addresses?  It created a denial of service
by maxing out the sessions on our Pix.  We're trying to locate the
source of the executable.


Randy Garbrick







