Security Incidents mailing list archives
Re: Trojan? DDOS Bot?
From: Mike Parkin <mparkin () cisco com>
Date: Tue, 27 Aug 2002 11:56:53 -0700 (PDT)
You appear to have been infected with one of a variety of Trojans - like BO, NetBus, Sub7, etc. Can't tell from the ports you show, since many of the trojans are configurable for responses, U@H values when connecting to IRC, listening ports, etc.

I've seen that same thing from the IRCAdmin side of the equation many times. We used to set up in the "target" channel and wait for the organic to show up and claim its bots. Unfortunately, even when we'd dealt with him, we'd often see stragglers from his botnet for weeks to come.

Advice - get some scanning software appropriate for your OS (Sorry, no recommendation - I'm an *IX guy) and find the trojan.

Mike Parkin
Cisco Systems, Inc.
Information Security SysAdmin/NetAdmin

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com