Security Incidents mailing list archives
Re: "Bla 1.1 Trojan"
From: Thierry <thierry () PURGE-IT COM>
Date: Mon, 6 Nov 2000 16:17:58 +0000
David Bailey wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 These are what I found on it. I did not dig any further into the sites (the second one was in French) but hopefully they should be a good start. http://perso.respublica.fr/kankan/bla.htm http://perso.respublica.fr/kankan/bla11.htm ============================== Are You Secure? Would You Bet On It? ============================== David A. Bailey Information Systems Technician (United States Navy Retired) ============================== - -----Original Message----- From: LOS Ralph [SMTP:rlos () ENVESTNET COM] Sent: Friday, November 03, 2000 10:21 AM To: INCIDENTS () SECURITYFOCUS COM Subject: [INCIDENTS] "Bla 1.1 Trojan" I just did a portscan of one of my mail servers and came up with port 1042 open with the port labeled as "Bla 1.1 Trojan". ANY clue what this is? I can't find anything on this one on any security sites (maybe my search is flawed?)
This downladsite you are referencing (see lower right link) is part of TLSecurity. Pay Attention ! The client for BLA is backdoored (trojaned) itself, it sends of your cached passes to an free mail account.
Can someone give me a clue? Ralph M. Los Internet Systems & Security Admin. (312) 827-3945 (direct) EnvestNet Advisory Corp. (312) 296-9003 (wireless) rlos () envestnet com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOgRbWLDT5E54atwQEQJYKQCeKC2CQFgrq1kjm8hu6pnN+Hcg30IAoM0o t7NpRZy0hGXgGIDTkpx3gmD0 =qtAK -----END PGP SIGNATURE-----
Current thread:
- "Bla 1.1 Trojan" LOS Ralph (Nov 05)
- <Possible follow-ups>
- Re: "Bla 1.1 Trojan" David Bailey (Nov 06)
- Re: "Bla 1.1 Trojan" Thierry (Nov 07)