Security Incidents mailing list archives
Win 95 - The answer
From: emaiwald () FRED NET (Eric Miawald)
Date: Wed, 23 Feb 2000 16:01:50 -0500
Thanks to all who provided suggestions. It ended up being Pretty Park. Just a few points - it was found because the security admin at the site was able to see an infection in real time. Norton noticed the original executable in the email but DID NOT pick it up after installation. Some info about it that is not on the Norton Site: -Most traffic goes to the following sites: 193.55.113.134 zafira.eurecom.fr 206.252.192.20 irc.stealth.net 207.152.95.10 mist.cifnet.com -Other traffic (without payloads) go to these sites: 193.104.34.37 irc1.emn.fr 194.158.96.24 desormais.utilisez.ircnet.grolier.net 194.158.96.47 ircnet.grolier.net 195.101.196.14 irc.twiny.net 195.238.2.19 krameria.skybel.net 195.40.6.1 banana.irc.easynet.net 204.247.0.124 irc.ncal.verio.net Eric --------------------------------------------------------------------- Eric Maiwald emaiwald () fred net So Many Hobbies, So little time ---------------------------------------------------------------------
Current thread:
- Re: Win 95 Question- Sounds like a butplug for orifice Dave Pavone (Feb 23)
- Win 95 - The answer Eric Miawald (Feb 23)