Bugtraq mailing list archives
Re: EMAILed Trojan
From: wamsljr () COLTANO STORTEK COM (Jim Wamsley 303-673-8163)
Date: Thu, 18 Feb 1999 16:28:01 -0700
We have discovered two mutants to the ie0199.exe trojan. In the first mutant, the targeted host was hpns.infotel.bg, rather than www.infotel.bg. It seems to look at only a handful of well known sockets. The second mutant is more malicious. It generates random IP addresses in the 212.39 and 195.138 address spaces, with socket numbers in a range of 1-199. Neither mutant touched the sndvol32.exe file. Someone really has it out for infotel.bg.

[ Jim Wamsley, Network Engineering ]
[ StorageTek 2270 S. 88th St, M.S. 4380, Louisville, CO 80028 ]
[ Audible: (303) 673-8163 Logical jim_wamsley () stortek com ]
[ Sed quis custodiet ipsos custodes - Juvenal, C. 100 C.E ]
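The traffic pattern reported for the second mutant (many destinations in 212.39 and 195.138 on ports 1-199) can be checked for in outbound flow records. The following is an added example, not part of the original post; the record format, the internal source addresses and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Prefixes and port span come from the message; the threshold is an assumption.
TARGET_NETS = [ipaddress.ip_network(n) for n in ("212.39.0.0/16", "195.138.0.0/16")]
LOW_PORTS = range(1, 200)        # "socket numbers in a range of 1-199"
MIN_DISTINCT_TARGETS = 5         # assumed: distinct (dst, port) pairs per source

# Constructed flow records, one per line: "src dst dport" (hypothetical format).
SAMPLE_FLOWS = """\
10.1.1.23 212.39.14.201 23
10.1.1.23 195.138.77.9 111
10.1.1.23 212.39.200.3 7
10.1.1.23 195.138.2.250 139
10.1.1.23 212.39.91.60 80
10.1.1.23 195.138.140.18 198
10.1.1.40 212.39.5.5 80
10.1.1.40 212.39.5.5 80
10.1.1.40 212.39.5.5 80
10.1.1.50 192.0.2.10 25
10.1.1.50 192.0.2.11 25
10.1.1.60 212.39.8.8 8080
10.1.1.60 195.138.8.9 6000
garbled line
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue

def in_target_space(dst, dport):
    """True when the destination falls in the reported prefixes and port span."""
    return dport in LOW_PORTS and any(dst in net for net in TARGET_NETS)

def scanning_sources(flows, threshold=MIN_DISTINCT_TARGETS):
    """Return {source: distinct target count} for sources at or above threshold."""
    targets = defaultdict(set)
    for src, dst, dport in flows:
        if in_target_space(dst, dport):
            targets[str(src)].add((dst, dport))  # a set ignores repeat visits
    return {s: len(t) for s, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    for src, count in scanning_sources(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: {count} distinct targets in the reported ranges")
```

Counting distinct (destination, port) pairs keeps a host that repeatedly visits one web server in those ranges from being flagged, while a host fanning out across random addresses is.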