Security Incidents mailing list archives
new trojan - scanning for open shares ...
From: Philippe Bourcier <philippe () CYBERABUSE ORG>
Date: Mon, 16 Oct 2000 04:45:29 +0200
Hi We've seen on different IRC networks some strange botnets ("dmanz botnet :>") all coming from a new trojan. This trojan is really mysterious, since the only thing found is it's using networks.vbs to scan for open shares, and save the list of IPs found. Then I think the coder of the trojan (adman, who is using his static IP on IRC) take those lists (with a special command given to the bots), but why he does that is still mysterious (perhaps it has something to do with the "Share Level Password" Vulnerability recently discovered). The entire package couldn't be analysed, so we still don't know if there is a DoS tool with it or not. You can see a big list of trojaned machines at www.documents.cyberabuse.org/?doc=11 Philippe Bourcier ------------------------------------- www.documents.cyberabuse.org
Current thread:
- new trojan - scanning for open shares ... Philippe Bourcier (Oct 15)